Access private Amazon OpenSearch Service on any AWS account via VPC Endpoints

VPC Endpoint to connect from Account A to Account B

The figure above shows what we will achieve. An application running in Account A on a private subnet gets access through a VPC endpoint to an OpenSearch cluster running in another account on a private subnet. Previously, you had to run a proxy in account B connected to a load balancer that allowed public access, and you had to worry about security yourself.