Access private Amazon OpenSearch Service on any AWS account via VPC Endpoints

Stefan Pöltl
3 min read · Jul 18, 2023
VPC Endpoint to connect from Account A to Account B

The figure above shows the target architecture: an application in a private subnet of Account A reaches, through an interface VPC endpoint (AWS PrivateLink), an OpenSearch Service domain in a private subnet of Account B. Traffic stays on the AWS network and no public entry point is needed. Previously, you had to run a proxy in Account B behind a load balancer that allowed public access, and securing that path was entirely your own responsibility.

Register an authorized principal

Before the accessing account can create a VPC endpoint to your domain, you must authorize that account on the domain. In the AWS Management Console, open your OpenSearch Service domain, select the VPC endpoints tab, and in the Authorized principals section click Authorize principal, then enter the account ID that should get access. Keep in mind that this authorization is account-wide: any principal in that account that is permitted to create OpenSearch Service VPC endpoints can then attach one to your domain, and requests arriving over the endpoint remain subject to the domain's access policy and, if enabled, fine-grained access control.
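The same step from the AWS CLI, as an added example rather than the article's own commands: it authorizes an account, lists the principals currently authorized on the domain (the check worth running before and after), and revokes an account again. Running it for real requires the AWS CLI and credentials in the domain-owning account (Account B); the domain name is a placeholder, and the account ID check is a local sanity check added here, not part of the API.

```shell
#!/bin/sh
# Added example, not from the original article. Wraps the OpenSearch Service
# VPC endpoint authorization API that the console "Authorize principal"
# button calls. Assumes the AWS CLI v2 is installed and credentials for the
# domain-owning account are configured.

# Assumption: the name of your VPC-based OpenSearch Service domain.
DOMAIN_NAME="${DOMAIN_NAME:-my-private-domain}"

# AWS account IDs are exactly 12 digits. Checking this locally before the
# API call avoids authorizing a mistyped (and possibly foreign) account.
valid_account_id() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Authorize the accessing account (Account A) to create a VPC endpoint for
# this domain. Equivalent to the console "Authorize principal" step.
authorize_account() {
  acct="$1"
  valid_account_id "$acct" || { echo "invalid account id: $acct" >&2; return 1; }
  aws opensearch authorize-vpc-endpoint-access \
    --domain-name "$DOMAIN_NAME" \
    --account "$acct"
}

# Print every principal currently allowed to create endpoints to the domain.
# Review this list regularly: each entry is an account that can build a
# private network path to your cluster without further approval from you.
list_authorized() {
  aws opensearch list-vpc-endpoint-access \
    --domain-name "$DOMAIN_NAME" \
    --query 'AuthorizedPrincipalList[].Principal' \
    --output text
}

# Remove an account's authorization again.
revoke_account() {
  acct="$1"
  valid_account_id "$acct" || { echo "invalid account id: $acct" >&2; return 1; }
  aws opensearch revoke-vpc-endpoint-access \
    --domain-name "$DOMAIN_NAME" \
    --account "$acct"
}
```

Source the file and call `authorize_account 123456789012` (your Account A ID), then `list_authorized` to confirm that only the accounts you expect appear.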

Setup the VPC endpoint on the accessing account
