diff --git a/roles/splunk/tasks/prereqs.yml b/roles/splunk/tasks/prereqs.yml
index 4051c405..a7bfacc0 100644
--- a/roles/splunk/tasks/prereqs.yml
+++ b/roles/splunk/tasks/prereqs.yml
@@ -4,3 +4,11 @@
     name: acl
     state: present
   become: True
+
+- name: install distro specific required packages
+  ansible.builtin.package:
+    name: "{{ linux_package_prereqs }}"
+    state: present
+  when: linux_package_prereqs is defined
+  become: true
+  
diff --git a/roles/splunk/vars/Amazon2023.yml b/roles/splunk/vars/Amazon2023.yml
new file mode 100644
index 00000000..e13f5b22
--- /dev/null
+++ b/roles/splunk/vars/Amazon2023.yml
@@ -0,0 +1,17 @@
+global_bashrc: /etc/bashrc
+chk_config_cmd: chkconfig --add disable-thp
+linux_package_prereqs:
+  - logrotate
+  - rsyslog
+  - cronie
+  - polkit
+linux_packages:
+  - sysstat
+  - telnet
+  - tcpdump
+  - htop
+  - lsof
+  - gdb
+  - bind-utils
+firewall_service: firewalld
+logrotate_file: /etc/logrotate.d/rsyslog