Creating a custom endpoint for Amazon OpenSearch Service - Amazon OpenSearch Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating a custom endpoint for Amazon OpenSearch Service

Creating a custom endpoint for your Amazon OpenSearch Service domain makes it easier for you to refer to your OpenSearch and OpenSearch Dashboards URLs. You can include your company's branding or just use a shorter, easier-to-remember endpoint than the standard one.

If you ever need to switch to a new domain, just update your DNS to point to the new URL and continue using the same endpoint as before.

You secure custom endpoints by either generating a certificate in Amazon Certificate Manager (ACM) or importing one of your own.

Custom endpoints for new domains

You can enable a custom endpoint for a new OpenSearch Service domain using the OpenSearch Service console, Amazon CLI, or configuration API.

To customize your endpoint (console)
  1. From the OpenSearch Service console, choose Create domain and provide a name for the domain.

  2. Under Custom endpoint, select Enable custom endpoint.

  3. For Custom hostname, enter your preferred custom endpoint hostname. The hostname should be a fully qualified domain name (FQDN), such as or


    If you don't have a wildcard certificate you must obtain a new certificate for your custom endpoint's subdomains.

  4. For Amazon certificate, choose the SSL certificate to use for your domain. If no certificates are available, you can import one into ACM or use ACM to provision one. For more information, see Issuing and Managing Certificates in the Amazon Certificate Manager User Guide.


    The certificate must have the custom endpoint name and be in the same account as your OpenSearch Service domain. The certificate status should be ISSUED.

    • Follow the rest of the steps to create your domain and choose Create.

    • Select the domain when it's finished processing to view your custom endpoint.

    To use the CLI or configuration API, use the CreateDomain and UpdateDomainConfig operations. For more information, see the Amazon CLI Command Reference and Amazon OpenSearch Service API Reference.

Custom endpoints for existing domains

To add a custom endpoint to an existing OpenSearch Service domain, choose Edit and perform steps 2–4 above.

Next steps

After you enable a custom endpoint for your OpenSearch Service domain, you must create a CNAME mapping in Amazon Route 53 (or your preferred DNS service provider). You do this to route traffic to the custom endpoint and its subdomains. Without this mapping, your custom endpoint won't work. For steps to create this mapping in Route 53, see Configuring DNS routing for a new domain and Creating a hosted zone for a subdomain. For other providers, consult their documentation.

Create a CNAME record that points the custom endpoint to the automatically generated domain endpoint. If your domain is dual stack, you can point your CNAME record to either of the two service generated endpoints. The dual stack capabilty of the custom endpoint depends on the service generated endpoint that you point the CNAME record to. The custom endpoint hostname is the name of the CNAME record, and the domain endpoint hostname is the value of the CNAME record.

If you use SAML authentication for OpenSearch Dashboards, you must update your IdP with the new SSO URL.