Connecting to existing AWS Elasticsearch

Hey folks,

I am trying to connect Dremio to our existing Elasticsearch instances versions 5.1 and 6.4. I could add the datasource and view all the index, but when I click into an index it throws an error, from the UI I am getting:

Cannot get the number of records in [INDEX]. Please make sure that the user has [read] privilege.

I think I have the correct policy set up in AWS and it looks something like this:

"Action": "es:*",
"Resource": "arn:aws:es:ap-southeast-2:xxxxxx:domain/my-domain/*”

In the Dremio logs it seems to also suggest some privilege issue:

Error encountered: HTTP 403 Forbidden

Any suggestions?