We have 9 accounts in AWS. I have set up AWS Config on each account, pointing to their own SNS topic. I have one SQS Queue in us-east-1 subscribed to the SNS topic from each region, which should allow Splunk to watch a single endpoint for notifications as setting up all 9 regions for all 9 accounts seems like it would be an excessive drain on my Splunk server to ping these on a regular basis.
A few questions:
- Will this work as configured?
- If it will not work, how bad of a performance hit am I going to have if I setup all 9 accounts against all 9 regions? Should I simply raise the default checking time?
↧