
OpenSearch: Configure the public access whitelist

Last Updated: Feb 27, 2026

An OpenSearch Vector Search Edition instance runs inside a virtual private cloud (VPC). The API endpoint is not reachable from on-premises networks or the Internet by default. To access the instance from outside the VPC, add your device's public IP address to the public access whitelist.

Prerequisites

  • An OpenSearch Vector Search Edition instance is created.

  • The public IP address of the device that will access the instance is available. You can look up your IP address through any IP address query service on the Internet.

Procedure

  1. Open the Instance Details page in the OpenSearch console.

  2. In the Network Information section, check the Public Access status. By default, Public Access is turned off.

  3. Turn on Public Access. After you turn on Public Access, a public endpoint is automatically generated for the instance. Use this endpoint to access the instance from on-premises networks or the Internet.

  4. Click Public Access Whitelist. The Modify Public Access Whitelist panel opens.

  5. Click Edit to enable editing, and then enter one or more IP addresses or CIDR blocks. Separate multiple entries with commas (,).

    Important

    The whitelist takes effect one minute after you save it. If you close the panel without clicking Save, a confirmation message appears. After you confirm, the panel closes and all unsaved edits are discarded.

  6. Click Save.

Verification

Verify that the IP address was added to the whitelist by pinging the public endpoint from the whitelisted device.

  1. In the Network Information section, copy the public endpoint.

  2. Remove the http:// prefix from the endpoint.

  3. Run the following command from your device:

       ping <public-endpoint-domain>

  4. A successful ping response confirms the IP address is whitelisted.

Troubleshooting

When you access an OpenSearch Vector Search Edition instance through the SDK with the public endpoint, the following error may occur:

Error: 403 Forbidden Response: {'errors': {'code': '403', 'message': 'Forbidden'}}

This error typically indicates an incorrect IP address in the whitelist. To confirm the cause, temporarily add 0.0.0.0/0 to the whitelist and retry the request. If the error resolves, update the whitelist with the correct IP address and remove 0.0.0.0/0.

Important

The entry 0.0.0.0/0 allows access from all IP addresses, which poses a security risk. Use it only for temporary troubleshooting. Remove it immediately after you identify the correct IP address.
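A whitelist string can be checked offline before you save it or while you chase a 403. The following is an added example, not code from the OpenSearch documentation or SDK: the function name `audit_whitelist`, its report keys, and all sample addresses (taken from documentation ranges) are constructed for illustration, and it handles IPv4 entries only.

```python
import ipaddress

# RFC 1918 ranges: the page asks for the device's *public* IP, so an entry
# inside one of these ranges cannot be the address the instance sees.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_whitelist(whitelist: str, client_ip: str) -> dict:
    """Parse a comma-separated whitelist and check it against client_ip."""
    client = ipaddress.IPv4Address(client_ip)
    report = {"invalid": [], "open_to_all": [], "private": [], "matches": []}
    for raw in whitelist.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing or doubled comma
        try:
            # strict=False accepts a host address written with a prefix length
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            report["invalid"].append(entry)
            continue
        if net.prefixlen == 0:
            report["open_to_all"].append(entry)  # equivalent to 0.0.0.0/0
        elif any(net.subnet_of(p) for p in RFC1918):
            report["private"].append(entry)
        if client in net:
            report["matches"].append(entry)
    report["client_allowed"] = bool(report["matches"])
    # True when the only thing admitting the client is the troubleshooting
    # entry, i.e. removing 0.0.0.0/0 would bring the 403 back.
    report["allowed_only_by_open_entry"] = report["client_allowed"] and all(
        m in report["open_to_all"] for m in report["matches"])
    return report


if __name__ == "__main__":
    # Constructed sample: the device is 203.0.113.17 but the list has a typo (.7),
    # a private address, a malformed entry, and a leftover 0.0.0.0/0.
    sample = "203.0.113.7, 198.51.100.0/24,192.168.1.20, 203.0.113.300, 0.0.0.0/0"
    for key, value in audit_whitelist(sample, "203.0.113.17").items():
        print(f"{key}: {value}")
```

If `allowed_only_by_open_entry` is true, fix the device's entry first and then remove 0.0.0.0/0, otherwise the 403 returns as soon as the open entry is deleted.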