Splunk on AWS without the enterprise sticker shock. Smaller indexer tier, same data shape.
tf-splunk-aws provisions a complete Splunk Enterprise footprint on AWS: VPC, subnets, security groups, KMS keys, IAM roles, EBS volumes, and EC2 instances ready for the ansible-splunk role to land on. The shape is intentional: a smaller, cost-optimized indexer tier suitable for DR or workload offload.

What it does

  • Builds an isolated VPC with public/private subnets, NAT, and VPC endpoints
  • Provisions KMS-encrypted EBS volumes for hot, warm, and cold indexer tiers
  • Defines IAM roles with least-privilege access for Splunk components
  • Outputs an inventory that ansible-splunk consumes directly
  • Wraps the Terraform AWS Provider with Terragrunt for per-env DRY-ing

How it fits

Provisions: AWS VPC, EC2 indexers + search heads, KMS-encrypted EBS, IAM
Hands off to: Splunk install (Ansible) configures Splunk on top

Getting started

1. Clone and enter the dev shell

   git clone https://github.com/JacobPEvans/tf-splunk-aws && cd tf-splunk-aws && nix develop

2. Provide AWS credentials

   Doppler resolves AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and an explicit region per env. Never commit these.

3. Apply

   Run terragrunt run-all apply from the chosen env folder. Review the plan; resources are tagged for cost tracking.

4. Hand off to Ansible

   Outputs go to the inventory ansible-splunk reads. Configuration takes over from there.
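
A pre-apply check for steps 2 and 3, as an added example that is not part of tf-splunk-aws: it confirms the two credential variables are in the environment and that no string shaped like an AWS access key ID sits in the working tree. The function names are hypothetical.

```shell
# Added example: pre-apply checks for steps 2 and 3 (not code from tf-splunk-aws).
# Function names are hypothetical. Intended use from the env folder:
#   preflight . && terragrunt run-all apply

# Succeeds only when both credential variables named in step 2 are set.
creds_present() {
  [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]
}

# Lists files under $1 (skipping .git) that contain a string shaped like an
# AWS access key ID: AKIA (long-term) or ASIA (temporary) plus 16 characters.
# Returns 1 when any file matches. Secret access keys have no fixed prefix,
# so this catches only the ID half of a committed credential pair.
scan_for_key_ids() {
  hits=$(find "$1" -name .git -prune -o -type f \
           -exec grep -lE '(AKIA|ASIA)[0-9A-Z]{16}' {} + 2>/dev/null || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Exit codes: 0 ok, 2 credentials missing, 3 key-shaped string in the tree.
preflight() {
  creds_present || { echo "preflight: AWS credentials not in environment" >&2; return 2; }
  scan_for_key_ids "${1:-.}" >&2 || { echo "preflight: key ID found in the files listed above" >&2; return 3; }
  echo "preflight: ok"
}
```
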

ansible-splunk

Configures the Splunk Enterprise install on what this provisions.

Observability overview

Where this fits in the OTEL → Cribl → Splunk pipeline.

terraform-aws

The broader AWS DR footprint repo this complements.

Source on GitHub

Modules, env folders, full README.