Applies to: Enterprise Edition |
Intended audience: System administrators |
Before you can use OpenSearch in a QuickSight dataset, there are a few tasks for the QuickSight administrator to complete with the cooperation of a person who has access to the OpenSearch console.
To get started, identify each OpenSearch domain that you want to connect to. Then gather the following information for each domain:
-
The name of the OpenSearch domain.
-
The OpenSearch version used by this domain.
-
The Amazon Resource Name (ARN) of the OpenSearch domain.
-
The HTTPS endpoint.
-
The OpenSearch Dashboards URL, if you use Dashboards. You can extrapolate the Dashboards URL by appending "
/dashboards/
" to an endpoint. -
If the domain has a VPC endpoint, gather all the related information on the VPC tab of the OpenSearch Service console:
-
The VPC ID
-
The VPC security groups
-
The associated IAM role or roles
-
The associated Availability Zones
-
The associated subnets
-
-
If the domain has a regular endpoint (not a VPC endpoint), note that it uses the public network.
-
The start hour for the daily automated snapshot (if your users want to know).
Before you proceed, the QuickSight administrator enables authorized connections from QuickSight to OpenSearch Service. This process is required for every AWS service that you connect to from QuickSight. You need to do this only once per AWS account for each AWS service that you use as a data source.
For OpenSearch Service, the authorization process adds the AWS managed policy
AWSQuickSightOpenSearchPolicy
to your AWS account.
Important
Make sure that the IAM policy for your OpenSearch domain doesn't conflict
with the permissions in AWSQuickSightOpenSearchPolicy
. You can
find the domain access policy in the OpenSearch Service console. For more information, see
Configuring access
policies in the Amazon OpenSearch Service Developer
Guide.
To turn on or turn off connections from QuickSight to OpenSearch Service
-
Within Amazon QuickSight, choose Administrator and Manage QuickSight.
-
Choose Security & permissions, Add or remove.
-
To enable connections, select the Amazon OpenSearch Service check box.
To disable connections, clear the Amazon OpenSearch Service check box.
-
Choose Update to confirm your choices.
If needed, use the topics below to configure a OpenSearch VPC connection and permissions for QuickSight to access OpenSearch.