Error adding Snapshot action

user20250902 · September 2, 2025, 9:21am

We have an AWS Managed OpenSearch cluster running 2.19 which we use to store logs. Each days logs are in a new index e.g. main-2025-09-02.log

We currently delete logs after 10 days.

{
    "policy": {
      "description": "Delete logs after 10 days",
      "default_state": "hot",
      "ism_template": [
        { "index_patterns": ["main-*"], "priority": 100 }
      ],
      "states": [
        {
          "name": "hot",
          "actions": [],
          "transitions": [
            { "state_name": "delete", "conditions": { "min_index_age": "10d" } }
          ]
        },
        {
          "name": "delete",
          "actions": [
            { "retry": { "count": 3, "backoff": "exponential", "delay": "1m" }, "delete": {} }
          ],
          "transitions": []
        }
      ]
    }
  }

This is working as expected. We now want to add a step to back them up to S3 before deleting. We have added the S3 bucket to Repositories in OpenSearch and did a Snapshot to ensure all permissions are working. I can see the .dat files in the S3 bucket.

However, trying to update the ISM policy is causing an issue

{
    "policy": {
      "description": "Send to S3 then delete after 10 days":,
      "default_state": "hot",
      "ism_template": [
        { "index_patterns": ["main-*"], "priority": 100 }
      ],
      "states": [
        {
          "name": "hot",
          "actions": [],
          "transitions": [
            { "state_name": "archive", "conditions": { "min_index_age": "10d" } }
          ]
        },
        {
          "name": "archive",
          "actions": [
            {
               "retry": {
               "count": 5,
               "backoff": "exponential",
               "delay": "30m"
            },
              "snapshot": {
                "repository": "main-app-logs-bucket",
                "snapshot": "{{ctx.index}}-{{ctx.execution_time}}"
              }
            }
          ],
          "transitions": [
            { "state_name": "delete" }
          ]
        },
        {
          "name": "delete",
          "actions": [
            { "retry": { "count": 3, "backoff": "exponential", "delay": "1m" }, "delete": {} }
          ],
          "transitions": []
        }
      ]
    }
  }

This get’s an error saying

You have actions that are not allowed in your policy [snapshot].

Looking at AWS RePost, the AWS AI bot, ChatGPT etc there doesn’t seem to be concensus on what the issue is.

We do not have Fine-grained access control enabled.

I would rather not use SnapShot Management to automate snapshots as we want each index to be snapshotted once before being deleted (and allow us to reimport if required).

Would anyone have any suggestions?

pablo · September 22, 2025, 10:29am

@user20250902 What is the exact version of the OpenSearch?

pablo · September 22, 2025, 12:57pm

@user20250902 I’ve created this ISM policy in 2.19.3 with no issues.
Do you get the same error when you create a policy from a scratch?

PUT _plugins/_ism/policies/main-logs-snapshot-and-delete
{
  "policy": {
    "policy_id": "main-logs-snapshot-and-delete",
    "description": "Snapshot to S3 then delete after 10 days",
    "default_state": "hot",
    "schema_version": 1,
    "ism_template": [
      {
        "index_patterns": ["index*"],
        "priority": 100
      }
    ],
    "states": [
      {
        "name": "hot",
        "actions": [],
        "transitions": [
          {
            "state_name": "archive",
            "conditions": {
              "min_index_age": "10d"
            }
          }
        ]
      },
      {
        "name": "archive",
        "actions": [
          {
            "retry": {
              "count": 5,
              "backoff": "exponential",
              "delay": "30m"
            },
            "snapshot": {
              "repository": "my-s3-repository",
              "snapshot": "{{ctx.index}}-{{ctx.execution_time}}"
            }
          }
        ],
        "transitions": [
          {
            "state_name": "delete",
            "conditions": {
              "min_index_age": "10d"   
            }
          }
        ]
      },
      {
        "name": "delete",
        "actions": [
          {
            "retry": {
              "count": 3,
              "backoff": "exponential",
              "delay": "1m"
            },
            "delete": {}
          }
        ],
        "transitions": []
      }
    ]
  }
}

system · November 21, 2025, 12:58pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ISM and SLM combination to manage snapshots and index (i.e. create/delete) DevOps	1	69	August 15, 2025
Q: Enable S3 Snapshotting Without s3:DeleteObject General Feedback troubleshoot , configure	0	278	January 17, 2023
How to auto retension (delete) old snapshots created by ISM policy OpenSearch	2	141	April 1, 2025
Error creating State Management Policies OpenSearch configure , index-management	2	317	October 4, 2023
Snapshot Management policy keeps failing Index Management troubleshoot	4	473	October 1, 2023

Error adding Snapshot action

Related topics