Permissions for fluent-bit writes

We have a set-up where we use AWS Elasticsearch service (with ES 7.7, i.e. OpenDistro 1.8) and write log data from fluent-bit running in EKS Kubernetes clusters, using the aws-for-fluent-bit Docker image (v2.8.0)

This works fine - if we set the access controls to full access for the fluent-bit IAM role. However, if we try to restrict permissions to only the operations that fluent-bit perform (essentially bulk writes), it stops working. I have tried various combinations of permissions, but not been successful unless I set full permissions (i.e. * ), which seems wrong.

Does anyone have a working setup for fluent-bit and using AWS Elasticsearch service, which is not full access?

@eriklz I am not using AWS Elasticsearch but I have Fluent Bit working with ODFE 1.7.0. In my case, the security setting for my logcollector role are:

  "index_permissions": [
      "index_patterns": [
      "fls": [],
      "masked_fields": [],
      "allowed_actions": [
  "tenant_permissions": [],
  "cluster_permissions": []

I don’t know if that helps at all; things may be different with AWS Elasticsearch.

That is one combination I have tried and that did not work, even setting “index:" and "cluster:” does not help. Only thing that worked was to map the AWS IAM role as backend_role to the pre-defined “all_access” role.
For my custom role settings I did create a separate log_writer role and had a mapping which associated the backend_role with that role.