Sqs

2026


Splunk Enterprise on AWS: Architecting EC2, Docker, IAM, and SNS/SQS Log Ingestion Pipeline

·13 mins

My blog runs as a static S3 origin behind CloudFront, deployed by Terraform and GitHub Actions. The edge was producing access logs, but they were sitting inert in object storage. I could not yet answer questions or produce intelligence such as: Who is requesting what? Why are certain clients requesting paths or filenames that result in 403 or 404? How often does CloudFront serve from cache versus reaching back to S3?