I have AWS EKS and AWS ES running. I deployed Fluentbit as a Daemonset in EKS and now I want to enable AWS Sigv4 authentication to allow Fluentbit to send logs to the ES cluster. As far as I understand, I need to create an IAM role and provide Fluentbit with AWS_Role_ARN
and AWS_External_ID
.
How do I create a valid IAM role and policy to let Fluentbit securely communicate with the ES cluster?