Creating a custom endpoint for Amazon OpenSearch Service - Amazon OpenSearch Service (successor to Amazon Elasticsearch Service)
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Creating a custom endpoint for Amazon OpenSearch Service

Creating a custom endpoint for your Amazon OpenSearch Service domain makes it easier for you to refer to your OpenSearch and OpenSearch Dashboards URLs. You can include your company's branding or just use a shorter, easier-to-remember endpoint than the standard one.

If you ever need to switch to a new domain, just update your DNS to point to the new URL and continue using the same endpoint as before.

You secure custom endpoints by either generating a certificate in Amazon Certificate Manager (ACM) or importing one of your own.

Custom endpoints for new domains

You can enable a custom endpoint for a new OpenSearch Service domain using the OpenSearch Service console, Amazon CLI, or configuration API.

To customize your endpoint (console)

  1. From the OpenSearch Service console, choose Create domain and provide a name for the domain.

  2. Under Custom endpoint, select Enable custom endpoint.

  3. For Custom hostname, enter your preferred custom endpoint hostname. The hostname should be a fully qualified domain name (FQDN), such as www.yourdomain.com or example.yourdomain.com.

    Note

    If you don't have a wildcard certificate you must obtain a new certificate for your custom endpoint's subdomains.

  4. For Amazon certificate, choose the SSL certificate to use for your domain. If no certificates are available, you can import one into ACM or use ACM to provision one. For more information, see Issuing and Managing Certificates in the Amazon Certificate Manager User Guide.

    Note

    The certificate must have the custom endpoint name and be in the same account as your OpenSearch Service domain. It should either use RSA-1024 or RSA-2048 as its public key algorithm, and the certificate status should be ISSUED.

    • Follow the rest of the steps to create your domain and choose Create.

    • Select the domain when it's finished processing to view your custom endpoint.

    To use the CLI or configuration API, use the CreateDomain and UpdateDomainConfig operations. For more information, see the Amazon CLI Command Reference and Configuration API reference for Amazon OpenSearch Service.

Custom endpoints for existing domains

To add a custom endpoint to an existing OpenSearch Service domain, choose Edit and perform steps 2–4 above.

Next steps

After you enable a custom endpoint for your OpenSearch Service domain, you must create a CNAME mapping in Amazon Route 53 (or your preferred DNS service provider) to route traffic to the custom endpoint and its subdomains. Create the CNAME from the custom endpoint (the name of the record) to the auto-generated endpoint (the value of the record). Without this mapping, your custom endpoint won't work. For steps to create this mapping in Route 53, see Configuring DNS routing for a new domain and Creating a hosted zone for a subdomain. For other providers, consult their documentation.

If you use SAML authentication for OpenSearch Dashboards, you must update your IdP with the new SSO URL.