All Products
Search
Document Center

OpenSearch:Configure the public access whitelist

Last Updated:Nov 07, 2024

An OpenSearch Vector Search Edition instance is deployed in a virtual private cloud (VPC). Therefore, you cannot directly access the instance by using the API endpoint from an on-premises environment or the Internet. In this case, you must add the IP address of the device from which you want to access the instance to the public access whitelist of the instance. To do so, perform the following steps:

Go to the Instance Details page in the OpenSearch console.

image.png

In the Network Information section, check the Public Access configuration. By default, Public Access is turned off, as shown in the following figure.

image.png

Turn on Public Access.

image.png

Click Public Access Whitelist. In the Modify Public Access Whitelist panel, you can edit the whitelist. If you do not click Save before you close the panel, a message appears. After you confirm the message, the panel is closed and the information that you edit is not saved.

Note

After you turn on Public Access, a public endpoint is automatically generated for the OpenSearch Vector Search Edition instance. This endpoint is used to access the instance from an on-premises environment or the Internet.

Edit the whitelist. In the Modify Public Access Whitelist panel, enter one or more IP addresses. Separate multiple IP addresses with commas (,), as shown in the following figure.

image.png

You can query the IP address of your device by using an IP address query service on the Internet.

Check whether the IP addresses are added to the whitelist. On the device whose IP address is added to the whitelist, ping the public endpoint of the instance.

image.png

Copy the public endpoint.

image.png

Remove the http:// prefix from the endpoint and ping the remaining domain name on your device.

image.png

If the ping operation is successful, the IP address is added to the whitelist.

Note:

If you use an SDK to access an OpenSearch Vector Search Edition instance by using the public endpoint, an error message similar to the following content may be returned:

Error: 403 Forbidden Response: {'errors': {'code': '403', 'message': 'Forbidden'}}

This error may be caused by an incorrect IP address configuration. You can temporarily add 0.0.0.0/0 to the whitelist to check whether the error is caused by an incorrect IP address configuration.