Skip to content

dryvist/tf-splunk-aws

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

161 Commits
.claude
.claude
 
 
.copilot
.copilot
 
 
.github
.github
 
 
docs
docs
 
 
modules
modules
 
 
scripts
scripts
 
 
terragrunt
terragrunt
 
 
.envrc
.envrc
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.markdownlint.yml
.markdownlint.yml
 
 
.markdownlintignore
.markdownlintignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.readme-validator.yaml
.readme-validator.yaml
 
 
.release-please-manifest.json
.release-please-manifest.json
 
 
.tflint.hcl
.tflint.hcl
 
 
AGENTS.md
AGENTS.md
 
 
CHANGELOG.md
CHANGELOG.md
 
 
CLAUDE.md
CLAUDE.md
 
 
DEVELOPMENT_HISTORY.md
DEVELOPMENT_HISTORY.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
VERSION
VERSION
 
 
release-please-config.json
release-please-config.json
 
 
renovate.json
renovate.json
 
 
terragrunt.hcl
terragrunt.hcl
 
 

Repository files navigation

TF-Splunk-AWS

CI License

Cost-optimized Splunk infrastructure on AWS using OpenTofu and Terragrunt. ~$8.54–$17.67/month (optional auto-lifecycle). Long-term archive is handled by Cribl writing directly to S3 outside this module.

What & Why

What: Production-ready Splunk deployment on AWS with modular Terraform architecture Why: Demonstrates cost optimization, infrastructure-as-code best practices, and security-first design

Quick Facts

  • Cost: ~$17.67/month always-on; ~$8.54/month with enable_auto_lifecycle = true
  • Architecture: 4 modules (network, security, compute, splunk)
  • Deployment: Terragrunt-managed with remote state
  • Security: Encrypted storage, IAM least privilege, VPC isolation

Cost Breakdown

Resource Always-On Auto-Lifecycle
NAT Instance (t4g.nano) $2.52 $2.52
Splunk Instance (t4g.small) $12.18 ~$3.05 (25% utilization)
EBS Storage (70GB GP3) $2.97 $2.97
Total ~$17.67 ~$8.54

Index data lives on the local EBS volume. Cribl handles long-term archive to S3 out-of-band, so this module no longer manages a SmartStore bucket. Auto-lifecycle (enable_auto_lifecycle = true) starts Splunk every 4 hours for 60 minutes.

Quick Start

cd terragrunt/dev
terragrunt plan    # Review 22 resources
terragrunt apply   # Deploy infrastructure

Documentation

Document Purpose Read Time
Project Scope Business context, constraints 2 min
Architecture Technical decisions, current state 5 min
Implementation Module details, developer guide 10 min

About

Cost-optimized Terraform/Terragrunt infrastructure deploying Splunk on AWS. Features VPC isolation, encrypted storage, least-privilege IAM policies, and comprehensive documentation. Manages ~22 AWS resources with minimal monthly cost (~.80). Modular DRY configuration patterns.

Topics

aws security documentation devops encryption ec2 splunk terraform iam iac vpc cloud-infrastructure infrastructure-as-code ebs terragrunt cost-optimization modular-architecture

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 21

v0.15.3 Latest
May 21, 2026
+ 20 releases

Packages

 
 
 

Contributors

Languages