Data Prepper - HTTP/1.1 403 Forbidden


I trying to run the data prepper on kubernetes.

I have the following errors :

Caused by: org.elasticsearch.ElasticsearchStatusException: method [HEAD], host [https://elasticsearch.*.pl:9200], URI [/_alias/otel-v1-apm-span?ignore_throttled=false&ignore_unavailable=false&expand_wildcards=open%2Cclosed&allow_no_indices=true], status line [HTTP/1.1 403 Forbidden]

[main] ERROR - Construction of pipeline components failed, skipping building of pipeline [sample-pipeline] and its connected pipelines Encountered exception while instantiating the plugin ElasticsearchSink

The data prepper got all the permissions it was calling for :slight_smile:

Pipeline :
workers: 4 # the number of workers
delay: 100 # in milliseconds, how long workers wait between read attempts
ssl: false
buffer_size: 1024 # max number of records the buffer accepts
batch_size: 256 # max number of records the buffer drains after each read
- otel_trace_raw_prepper:
- elasticsearch:
hosts: [“https://elasticsearch.*.pl:9200”]
cert: “/usr/share/data-prepper/root-ca.pem”
username: “data-prepper”
password: “*****”
trace_analytics_raw: true

It simple configuration - I wish it would just start work :smiley:


Hello Maciej,

I’m sorry you are having trouble running Data Prepper. It appears that you are getting the 403 from OpenSearch/ElasticSearch itself. Data Prepper is trying to check if a specific alias exists, but doesn’t have permission to make this request.

This security page outlines what permissions are needed for use in Amazon OpenSearch Service.

The same permissions should apply for OpenSearch however it is run or managed. Looking at the bottom section, I’d first like to check that your data-prepper user has the all_access role or equivalent.


1 Like