The error you're experiencing with connecting Amazon QuickSight to your OpenSearch domain likely requires additional permission configurations. Even though you've updated QuickSight security permissions and the domain is publicly accessible, there are a few more steps to ensure proper connectivity:
- First, verify that the IAM policy for your OpenSearch domain doesn't conflict with the permissions in the AWSQuickSightOpenSearchPolicy. This policy needs to be properly applied to your AWS account to authorize connections from QuickSight to OpenSearch Service.
- For OpenSearch domains with fine-grained access control enabled (which is likely your case based on the error), you need to configure additional permissions in OpenSearch itself:
  - Use OpenSearch Dashboards to create a role (typically named "quicksight_role")
  - Add necessary permissions to this role, including cluster monitoring permissions and index-level permissions for reading data
  - Create a role mapping to associate this role with the AWS-managed IAM role for QuickSight
- Make sure a QuickSight administrator has properly authorized the connection to OpenSearch Service through the QuickSight security and permissions settings.
These steps should help resolve the connection issue you're experiencing. The error suggests that while QuickSight can see your domain, it doesn't have the proper permissions to access the data within it.
Sources
Using Amazon OpenSearch Service with Amazon QuickSight - Amazon QuickSight
Using OpenSearch permissions - Amazon QuickSight
Authorizing connections to Amazon OpenSearch Service - Amazon QuickSight
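The role and role mapping from the fine-grained access control step, as an added example that is not part of the original answer: it builds the request bodies for the OpenSearch Security REST API and audits a role for anything beyond read and monitor access. The ARN is a placeholder, and the specific action groups (cluster_monitor, read, indices_monitor) and the index pattern are assumptions chosen to match "cluster monitoring" and "reading data"; check them against the AWS documentation listed under Sources.

```python
import json

# Placeholder ARN (assumption): substitute the IAM role QuickSight uses in your account.
QUICKSIGHT_IAM_ROLE_ARN = "arn:aws:iam::111122223333:role/EXAMPLE-quicksight-service-role"

# Default OpenSearch security action groups that only read or monitor.
READ_ONLY_GROUPS = {"cluster_monitor", "cluster_composite_ops_ro",
                    "read", "search", "get", "indices_monitor"}

def build_role(index_patterns):
    """Body for PUT _plugins/_security/api/roles/quicksight_role."""
    return {
        "cluster_permissions": ["cluster_monitor"],
        "index_permissions": [{
            "index_patterns": list(index_patterns),
            "allowed_actions": ["read", "indices_monitor"],
        }],
    }

def build_role_mapping(iam_role_arn):
    """Body for PUT _plugins/_security/api/rolesmapping/quicksight_role."""
    return {"backend_roles": [iam_role_arn]}

def audit_role(role):
    """Return findings; an empty list means read/monitor access only."""
    findings = []
    cluster = role.get("cluster_permissions", [])
    index_perms = role.get("index_permissions", [])
    if "cluster_monitor" not in cluster:
        findings.append("missing cluster monitoring permission")
    if not any("read" in p.get("allowed_actions", []) for p in index_perms):
        findings.append("no index-level read permission")
    granted = set(cluster)
    for p in index_perms:
        granted.update(p.get("allowed_actions", []))
    extra = sorted(granted - READ_ONLY_GROUPS)
    if extra:
        findings.append("grants more than read/monitor: " + ", ".join(extra))
    return findings

if __name__ == "__main__":
    role = build_role(["sales-*"])  # constructed index pattern
    print(json.dumps(role, indent=2))
    print(json.dumps(build_role_mapping(QUICKSIGHT_IAM_ROLE_ARN), indent=2))
    print("findings:", audit_role(role))
```

Running audit_role over the role as it currently exists in the domain shows whether the connection failure comes from a missing permission or whether the role has been widened beyond what QuickSight needs.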
Thank you, I was able to connect yesterday using the same links.
