This template provisions base AWS infrastructure and deploys Splunk Enterprise (single instance). This is useful for temporary deployments used for demo/testing purposes.
- Install & configure AWS CLI
- Configure AWS Account & Terraform as described in sections 1 & 2 here
- Set requred and optional parameters (described below)
- Paste license in splunk-resources/license.lic
| Parameter | Description | Required? |
|---|---|---|
| aws_profile | The primary named profile to use | Yes |
| aws_region | AWS Region for cloud resources | Yes |
| aws_az | AWS Availability Zone for cloud resources | Yes |
| aws_privatekeypath | The path to the AWS private key ("somekey.pem") on your local system | Yes |
| aws_keyname | The name of your key ("somekey") | Yes |
| aws_splunkwebport | Port for Splunk Web. Defaults to 8000 | No |
| aws_splunkmgmtport | Splunk Management port. Defaults to 8089 | No |
| aws_allow_cidr_range | CIDR block for outgoing traffic. Defaults to all | No |
| aws_instance_type | EC2 instance type. Defaults to t2.medium | No |
| aws_sshuser | SSH user of the AMI. Defaults to "centos" for the CentOS 7.x AMI | No |
| aws_ebs_volumesize | Size of the EBS volume attached to EC2 instance. (Splunk will complain about disks smaller than 20GB) Defaults to 40GB | No |
| amifilter_osname | AMI OS name to search for. Defaults to "CentOS 7.9*" | No |
| amifilter_osarch | OS architecture of the AMI to search for. Defaults to "x86_64" | No |
| amifilter_osvirtualizationtype | OS Virtualization Type when searching for AMI. Defaults to "hvm" | No |
| amifilter_owner | Sets owner filter when searching for AMI. Defaults to "125523088429" for CentOS 7.9* | No |
| Parameter | Description | Required? |
|---|---|---|
| splunkuserpassword | Splunk admin password (No single quotes). Defaults to "Splunk.5". (follow directions in install script) | Yes |
| hostname | Hostname for the Splunk instance. Defaults to "Splunk" | Yes |
- Initialize Terraform and download plugins by running
terraform init - Deploy with
terraform planandterraform apply
Terraform will output the external IP address of the EC2 instance. Copy & paste this URL into your web browser with ":XXXX" (no quotes) as a suffix, where XXXX is the Splunk Web port number set in the variables file (defaults to 8000). Ex. 10.10.10.10:8000
To destroy the resources created by Terraform, run terraform destroy
This deployment template is provided for demo/POC purposes only.
- consolidate both Terraform & Splunk variables into one file