Access private Amazon OpenSearch Service on any AWS account via VPC Endpoints
The figure above shows what we will achieve. An application running in a private subnet in Account A reaches, through a VPC endpoint, an OpenSearch cluster running in a private subnet in another account (Account B). Previously, you had to run a proxy in Account B behind a load balancer that allowed public access, and you had to handle security for that path yourself.
Register an authorized principal
Before the account that wants to access OpenSearch Service can create a VPC endpoint, you must authorize that account on your domain. In the AWS Management Console, select your OpenSearch Service domain and click the VPC Endpoints tab. There is a section called Authorized Principals. Click the Authorize Principal button on the right and add the ID of the account that should gain access.
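The same authorization can be done from the AWS CLI. The script below is an added example, not part of the original article: it authorizes one account ID only if it is not already present, then reports any authorized principal outside the accounts you expect. The function names are hypothetical, and the domain name and account IDs are supplied by the caller.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps, plus an allowlist audit.

# Succeed only for a 12-digit AWS account ID.
valid_account_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -eq 12 ]
}

# Print the principals currently authorized on domain $1, one per line.
list_principals() {
  aws opensearch list-vpc-endpoint-access --domain-name "$1" \
    --query 'AuthorizedPrincipals[].Principal' --output text |
    tr '\t' '\n' | sed -e '/^$/d' -e '/^None$/d'
}

# Authorize account $2 on domain $1; do nothing if it is already authorized.
authorize_principal() {
  domain=$1 account=$2
  valid_account_id "$account" || { echo "invalid account ID: $account" >&2; return 2; }
  if list_principals "$domain" | grep -qx "$account"; then
    echo "already authorized: $account"
    return 0
  fi
  aws opensearch authorize-vpc-endpoint-access \
    --domain-name "$domain" --account "$account" >/dev/null || return 1
  echo "authorized: $account"
}

# Print principals authorized on domain $1 that are not among the expected
# account IDs given as the remaining arguments; return 1 if any are found.
unexpected_principals() {
  domain=$1; shift
  allow=" $* " rc=0
  for p in $(list_principals "$domain"); do
    case "$allow" in
      *" $p "*) ;;
      *) echo "$p"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Usage: script.sh DOMAIN ACCOUNT_ID
if [ "$#" -ge 2 ]; then
  authorize_principal "$1" "$2" && unexpected_principals "$1" "$2"
fi
```

Running the audit function on a schedule with the full list of expected account IDs shows when an authorization has been added that nobody asked for.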