- Newest
- Most votes
- Most comments
The domain access policy for OpenSearch Serverless can be found and configured in the Amazon OpenSearch Service console.
When you create or select an OpenSearch Serverless domain (COLLECTION), you can view and edit the access policy settings from the "Security and access policies" section.
This allows you to configure permissions for:
Network access - Specify IP ranges or VPCs that can access the OpenSearch endpoint.
Data access policies - Control access to indices and documents down to the field level.
Fine-grained access control - Restrict user permissions within OpenSearch Dashboards.
You can attach IAM policies to allow management of these access policies. For example, to update network access policies for a specific collection.
Configure your domain access policy to allow anonymous access. By default it is restricted to authenticated users only. In the domain access policy, add a statement allowing the "" principal to perform the "es:" actions.
This will open up access to both the OpenSearch API endpoint and the dashboard URL to unauthenticated public users. You can also restrict access to specific IP ranges or CIDR blocks if you don't want fully public access.
Be aware that allowing anonymous access may pose security risks, so only do this for non-sensitive data or dashboards. For sensitive use cases, use Amazon Cognito authentication instead.
I think what you are saying is applicable for opensearch alone and not opensearch serverless. I dont see domain access policy / congnito access options in opensearch serverless although I can see the options under opensearch. Please clarify.
Relevant content
- asked 6 months ago
- asked 7 months ago
- asked 7 months ago
AWS OFFICIALUpdated 2 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
Hi Thanks for th reply. But I cant find Fine-grained access control under opensearch serverless. Network access is set to public. But still getting 403.