Resolving Insufficient Permission Error When Deleting an AWS OpenSearch Index

Issue: Unable to Delete Elasticsearch Index Due to Insufficient Permissions

Symptoms:

• Users encounter an error when attempting to delete an AWS OpenSearch index from the Mattermost system console.

• The error message appears in the Mattermost console and server logs.

• The log reports a 403 Forbidden error with a security exception.

Example Error Message:

error [2025-03-28 14:07:34.426 +09:00] Failed to delete Elasticsearch index caller="web/context.go:115" path=/api/v4/elasticsearch/purge_indexes request_id=srs3jdkfxtbwbrtmnhtuszkc8r ip_addr=192.178.191.25 user_id=pqd4xin7yf8y3dxk9uh7iys9xa method=POST err_where=Elasticsearch.PurgeIndexes http_code=500 error="Elasticsearch.PurgeIndexes: Failed to delete Elasticsearch index, elastic: Error 403 (Forbidden): no permissions for [] and User [name=admin, backend_roles=[], requestedTenant=null] [type=security_exception]"

Cause:

• The admin user does not have sufficient permissions to delete indexes in OpenSearch.

• Some system indices in AWS OpenSearch are protected and cannot be deleted.

Workaround:

• Identify protected system indices that cannot be deleted using the following command:

  curl -u USER:PASS http://<HOSTNAME>/_cat/indices?v=true
  

• Any index that starts with a period (.) is considered a system index and cannot be deleted manually.

• To prevent Mattermost from attempting to purge these protected indices, configure the IgnoredPurgeIndexes setting in Mattermost with comma-separated values of system indices:

  "IgnoredPurgeIndexes": ".opendistro*,.security*"
  

Next Steps:

• Implement the workaround by updating the Elasticsearchsettings.IgnoredPurgeIndexes  configuration(config.json) in Mattermost.

• If further issues persist, check AWS OpenSearch official documentation for managing permissions and index deletions.