Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch and Dashboards - 2.11.0
Describe the issue:
It would be nice to have some kind of universal predefined role for log processors such as fluentbit. Especially if you want to make your installation safe and secured. For most deployments default “all_access” role is enough. But in case of possible security audit procedure permissions for every subsystem should be defined explicitly.
Configuration:
I suppose this set of action groups may be fine but grants redundant privileges:
index
create_index
cluster_composite_ops
Also I’ve tried to google relevant information in context of fluentbit, opensearch and even elasticsearch. But there is nothing helpful.
There is a predefined logstash role that can be used as a starting point to create a role for Fluentbeat. This role will be different in every situation because the index name is not always the same.
To create a role, you need to:
Log in to OpenSearch Dashboards.
Go to Security > Roles.
Search for the logstash role, select it, click the Actions button, and click Duplicate.