Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Authorizing connections to Amazon OpenSearch Service

Focus mode
Authorizing connections to Amazon OpenSearch Service - Amazon QuickSight
 Applies to: Enterprise Edition 
   Intended audience: System administrators 

Before you can use OpenSearch in a QuickSight dataset, there are a few tasks for the QuickSight administrator to complete with the cooperation of a person who has access to the OpenSearch console.

To get started, identify each OpenSearch domain that you want to connect to. Then gather the following information for each domain:

  • The name of the OpenSearch domain.

  • The OpenSearch version used by this domain.

  • The Amazon Resource Name (ARN) of the OpenSearch domain.

  • The HTTPS endpoint.

  • The OpenSearch Dashboards URL, if you use Dashboards. You can extrapolate the Dashboards URL by appending "/dashboards/" to an endpoint.

  • If the domain has a VPC endpoint, gather all the related information on the VPC tab of the OpenSearch Service console:

    • The VPC ID

    • The VPC security groups

    • The associated IAM role or roles

    • The associated Availability Zones

    • The associated subnets

  • If the domain has a regular endpoint (not a VPC endpoint), note that it uses the public network.

  • The start hour for the daily automated snapshot (if your users want to know).

Before you proceed, the QuickSight administrator enables authorized connections from QuickSight to OpenSearch Service. This process is required for every AWS service that you connect to from QuickSight. You need to do this only once per AWS account for each AWS service that you use as a data source.

For OpenSearch Service, the authorization process adds the AWS managed policy AWSQuickSightOpenSearchPolicy to your AWS account.

Important

Make sure that the IAM policy for your OpenSearch domain doesn't conflict with the permissions in AWSQuickSightOpenSearchPolicy. You can find the domain access policy in the OpenSearch Service console. For more information, see Configuring access policies in the Amazon OpenSearch Service Developer Guide.

To turn on or turn off connections from QuickSight to OpenSearch Service
  1. Within Amazon QuickSight, choose Administrator and Manage QuickSight.

  2. Choose Security & permissions, Add or remove.

  3. To enable connections, select the Amazon OpenSearch Service check box.

    To disable connections, clear the Amazon OpenSearch Service check box.

  4. Choose Update to confirm your choices.

If needed, use the topics below to configure a OpenSearch VPC connection and permissions for QuickSight to access OpenSearch.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.