We have a set-up where we use AWS Elasticsearch service (with ES 7.7, i.e. OpenDistro 1.8) and write log data from fluent-bit running in EKS Kubernetes clusters, using the aws-for-fluent-bit Docker image (v2.8.0).
This works fine - if we set the access controls to full access for the fluent-bit IAM role. However, if we try to restrict permissions to only the operations that fluent-bit performs (essentially bulk writes), it stops working. I have tried various combinations of permissions, but have not been successful unless I set full permissions (i.e. *), which seems wrong.
Does anyone have a working setup for fluent-bit and using AWS Elasticsearch service, which is not full access?