The OpenSearch sink can send trace data to an OpenSearch cluster by administrative credentials as follows:
sink:
- opensearch:
...
username: "admin"
password: "<admin password>"
or by using user credential assigned with a role that has the below required permissions.
cluster_allindices:admin/template/getindices:admin/template/put
Note that indices:admin/template/* need to be in cluster permissions.
Index:otel-v1*;Index permissions:indices_allIndex:.opendistro-ism-config;Index permissions:indices_allIndex:*;Index permission:manage_aliases
Field level security and Anonymization should be left with default values.
With administrative privilege, one can create an internal user, a role and map the user to the role by following the OpenSearch Users and roles documentation.