OpenSearch: Configure the public access whitelist

Last Updated: Feb 27, 2024

An OpenSearch Vector Search Edition instance is deployed in a virtual private cloud (VPC). Therefore, you cannot directly access the instance by using the API endpoint from an on-premises environment or the Internet. In this case, you must add the IP address of the device from which you want to access the instance to the public access whitelist of the instance. To do so, perform the following steps:

Go to the Instance Details page in the OpenSearch console.

In the Network Information section, check the Public Access configuration. By default, Public Access is turned off, as shown in the following figure.

image.png

Turn on Public Access.

Click Public Access Whitelist. In the Modify Public Access Whitelist panel, you can edit the whitelist. If you do not click Save before you close the panel, a message appears. After you confirm the message, the panel is closed and the information that you edit is not saved.

Note

After you turn on Public Access, a public endpoint is automatically generated for the OpenSearch Vector Search Edition instance. This endpoint is used to access the instance from an on-premises environment or the Internet.

Edit the whitelist. In the Modify Public Access Whitelist panel, enter one or more IP addresses. Separate multiple IP addresses with commas (,), as shown in the following figure.

image.png

You can query the IP address of your device by using an IP address query service on the Internet.

Check whether the IP addresses are added to the whitelist. On the device whose IP address is added to the whitelist, ping the public endpoint of the instance.

Copy the public endpoint.

Remove the http:// prefix from the endpoint and ping the remaining domain name on your device.

If the ping operation is successful, the IP address is added to the whitelist.

Note:

If you use an SDK to access an OpenSearch Vector Search Edition instance by using the public endpoint, an error message similar to the following content may be returned:

Error: 403 Forbidden Response: {'errors': {'code': '403', 'message': 'Forbidden'}}

This error may be caused by an incorrect IP address configuration. To check whether this is the cause, you can temporarily add 0.0.0.0/0 to the whitelist. Because 0.0.0.0/0 allows access from all IP addresses, remove it from the whitelist after the check.
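
The following Python check is an added example, not part of the OpenSearch documentation or SDK. It parses a comma-separated whitelist value as entered in the Modify Public Access Whitelist panel and reports which entries match the public IP address of your device, which entries are private (RFC 1918) addresses that a public endpoint never sees as the source, and whether 0.0.0.0/0 is still present. The function name audit_whitelist and all sample addresses are constructed for illustration, and the code assumes that each entry is a single IP address or a CIDR block.

```python
import ipaddress

# RFC 1918 ranges: addresses in these blocks are never the source address
# seen by a public endpoint, so whitelisting them cannot resolve a 403.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_whitelist(whitelist, client_ip):
    """Audit a comma-separated whitelist string against a client's public IP.

    Hypothetical helper (not an OpenSearch API). Returns a dict listing the
    entries that match the client, catch-all entries, private entries and
    entries that are not valid IP addresses or CIDR blocks.
    """
    client = ipaddress.ip_address(client_ip)
    report = {"matches": [], "open_to_all": [], "private": [], "invalid": []}
    for raw in whitelist.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate trailing commas and double separators
        try:
            # strict=False accepts host bits, e.g. 198.51.100.7/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            report["invalid"].append(entry)
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 (or ::/0) admits every source address
            report["open_to_all"].append(entry)
        elif net.version == 4 and any(net.subnet_of(p) for p in RFC1918):
            report["private"].append(entry)
        if net.version == client.version and client in net:
            report["matches"].append(entry)
    return report


if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = "192.168.1.20, 203.0.113.10,198.51.100.0/24, 0.0.0.0/0, not-an-ip"
    for key, entries in audit_whitelist(sample, "198.51.100.7").items():
        print(f"{key}: {entries}")
```

If matches contains only a catch-all entry, the specific entries do not cover your device and the 403 error will return as soon as 0.0.0.0/0 is removed.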