Be sure that the IP addresses specified in the access policy use CIDR notation. Access policies use CIDR notation when checking the IP address against the access policy.
Verify that the IP addresses specified in the access policy are the same ones used to access your cluster. Check the public IP address of your local computer at https://checkip.amazonaws.com/.
Note: If you receive an authorization error, then check to see if you're using a public or private IP address. IP-based access policies can't be applied to OpenSearch Service domains that reside within a virtual private cloud (VPC). This is because security groups already enforce IP-based access policies. If you use public access, then IP-based policies are still available. For more information, see About access policies on VPC domains.
Client that supports request signing
If you're using a client that supports request signing, then check the following:
If your OpenSearch Service domain resides within a VPC, then configure an open access policy with or without a proxy server. Then, use security groups to control access. For more information, see About access policies on VPC domains.