Splunk Lantern



AWS Identity and Access Management (IAM) provides fine-grained access control across all of AWS. With IAM, you can specify who can access which services and resources, and under which conditions. With IAM policies, you manage permissions for your workforce and systems to ensure least-privilege permissions.


Guidance for onboarding data can be found in the Splunk Documentation:

Refer to the documentation, and note that for Splunk SOAR, the AWS IAM app supports various containment, corrective and investigate actions related to users, groups, roles, and policies.


When your Splunk deployment is ingesting AWS IAM data, you can use the data to achieve the following in Splunk Enterprise or Splunk Cloud Platform:

With Splunk SOAR, you can use this data for: