OpenSearch dashboard access from other VPC
Hi all
I configured Amazon OpenSearch in a VPC. To access the dashboard from other VPC in another account, proxy setting is the only way?
Thanks.
- トピック
- 分析
- 言語
- English
- 新しい順
- 投票が多い順
- コメントが多い順
To access an Amazon OpenSearch Service dashboard that's deployed in a VPC from another VPC in a different account, you have several options:
-
Create a proxy - You can set up a highly available NGINX proxy cluster that allows access to OpenSearch Dashboards. The Centralized Logging with OpenSearch solution provides this capability, creating an infrastructure that allows you to access the dashboard from outside the VPC.
-
Use AWS Systems Manager with tunneling - You can access the OpenSearch Service dashboard securely by using AWS Systems Manager to create a tunnel to an instance and leverage port-forwarding to the dashboard. This approach requires obtaining a proxy instance name and establishing a tunnel using the AWS CLI.
-
Create a VPC endpoint - For OpenSearch Serverless, you can create a VPC endpoint in the client VPC to enable private access to the APIs and dashboard. You would need to configure the appropriate network policies to allow access from specific VPC endpoints.
-
Use an inbound DNS resolver endpoint - For private access to dashboards from your corporate network, you can use an inbound DNS resolver endpoint to ensure DNS queries return the correct private IP addresses.
Each approach has different security implications and setup requirements. The proxy method is commonly used when you need to access the dashboard from outside the VPC where OpenSearch is deployed, while VPC endpoints provide a more direct private connection between VPCs.
Sources
Access the OpenSearch Service dashboard - Scene Intelligence with Rosbag on AWS
Access proxy - Centralized Logging with OpenSearch
Troubleshoot OpenSearch Serverless errors | AWS re:Post
