Append-Only Index for Life

We currently write audit logs and metrics to an elasticsearch index.
I'm trying to find a way to prevent a VM admin user from logging into the VM that runs elasticsearch and being able to delete or update audit log documents in an index.

The best I can come up with is RBAC, but as far as I can see that doesn't prevent an admin from giving themselves the necessary access, performing an update or delete, and then removing the access again.

Is it possible to have an elasticsearch index that is append-only from the outset, with no chance of changing it at all?

Not directly, no.
You'd need to build a policy that only provides read only access to the indices, while restricting escalation assignment.