Contact UsGet started

Configuring an index policy in Managed Service for OpenSearch

Written by
Updated at May 5, 2025

You can use policies to automate certain operations on indexes. For example, to make your data more secure and available, you can set up a policy that will create a new index if at least one of these conditions is met:

  • Index is over 50 GB in size.
  • Index is over 30 days old.

To configure such a policy:

  1. Create a policy.
  2. Attach the policy to an index.
  3. Test the policy.

If you no longer need the resources you created, delete them.

The support cost includes:

  • Managed Service for OpenSearch cluster fee: using computing resources allocated to hosts (including hosts with the MANAGER role) and disk space (see OpenSearch pricing).
  • Fee for public IP addresses for cluster hosts (see Virtual Private Cloud pricing).

Getting started

  1. Set up your infrastructure:

    1. Create a Managed Service for OpenSearch cluster in desired configuration with public access to a group of hosts with the DATA role.

    2. If using security groups in your cluster, make sure they are configured correctly and allow connecting to the Managed Service for OpenSearch cluster.

    1. If you do not have Terraform yet, install it.

    2. Get the authentication credentials. You can add them to environment variables or specify them later in the provider configuration file.

    3. Configure and initialize a provider. There is no need to create a provider configuration file manually, you can download it.

    4. Place the configuration file in a separate working directory and specify the parameter values. If you did not add the authentication credentials to environment variables, specify them in the configuration file.

    5. Download the opensearch-index-policy.tf configuration file to the same working directory. This file describes:

      • Network.
      • Subnet.
      • Security group and rules required to connect to a Managed Service for OpenSearch cluster.
      • Managed Service for OpenSearch cluster.

    6. In the opensearch-index-policy.tf file, specify these variables:

      • version: OpenSearch version.
      • admin_password: OpenSearch admin password.

    7. Make sure the Terraform configuration files are correct using this command:

      terraform validate

      If there are any errors in the configuration files, Terraform will point them out.

    8. Create the required infrastructure:

      1. Run this command to view the planned changes:

        terraform plan

        If you described the configuration correctly, the terminal will display a list of the resources to update and their parameters. This is a verification step that does not apply changes to your resources.

      2. If everything looks correct, apply the changes:

        1. Run this command:

          terraform apply

        2. Confirm updating the resources.

        3. Wait for the operation to complete.

      All the required resources will be created in the specified folder. You can check resource availability and their settings in the management console.

  2. Install an SSL certificate.

  3. Check the connection to the cluster using cURL:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --request GET 'https://<FQDN_of_the_OpenSearch_host_with_the_DATA_role>:9200/'

    You can obtain the host FQDN with a list of hosts in the cluster.

    A message like this is displayed if the connection is successful:

    {
  "name" : "....mdb.yandexcloud.net",
  "cluster_name" : "...",
  "cluster_uuid" : "...",
  "version" : {
  "distribution" : "opensearch",
  ...
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Create a policy

  1. Create a policy to roll over an alias to a new index:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_plugins/_ism/policies/rollover_policy' \
    --data '
        {
            "policy": {
                "description": "Example rollover policy",
                "default_state": "rollover",
                "schema_version": 1,
                "states": [
                    {
                        "name": "rollover",
                        "actions": [
                            {
                                "rollover": {
                                    "min_index_age": "1h",
                                    "min_primary_shard_size": "500b"
                                }
                            }
                        ],
                        "transitions": []
                    }
                ],
                "ism_template": {
                    "index_patterns": ["log*"],
                    "priority": 100
                }
            }
        }'

    Where:

    • min_index_age: Age an index must reach before a new index is created. The recommended value is 30 days (30d).
    • min_primary_shard_size: Size of one of the main index segments. As soon as this size is reached, a new index will be created. The recommended value is 50 GB (50gb).
    • index_patterns: Template for a new index name.

    To quickly test the policy, we reduced the recommended values to 1 hour and 500 bytes in the request example.

  2. Configure an index template with the log alias assigned to the policy:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_index_template/ism_rollover?pretty' \
    --data '
        {
            "index_patterns": ["log*"],
            "template": {
                "settings": {
                    "plugins.index_state_management.rollover_alias": "log"
                }
            }
        }'

Attach the policy to an index

  1. Create the log-000001 index with the log alias:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request PUT 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/log-000001?pretty' \
    --data '
        {
            "aliases": {
                "log": {
                    "is_write_index": true
                }
            }
        }'

  2. Check if the policy is attached to the index:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request GET 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/_plugins/_ism/explain/log-000001?pretty'

    You will get a message like this in the results:

    {
  "log-000001" : {
    "index.plugins.index_state_management.policy_id" : "rollover_policy",
    "index.opendistro.index_state_management.policy_id" : "rollover_policy",
    "index" : "log-000001",
    "index_uuid" : "...",
    "policy_id" : "rollover_policy",
    "enabled" : true
  },
  "total_managed_indices" : 1
}

Test the policy

  1. Add a document to the index:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request POST 'https://<address_of_OpenSearch_host_with_DATA_role>:9200/log/_doc?pretty' \
    --data '
        {
            "num": "101",
            "name": "Valya",
            "age": "25"
        }'

  2. Get a list of indexes five minutes after the document is created:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --header 'Content-Type: application/json' \
    --request GET '<address_of_OpenSearch_host_with_DATA_role>:9200/_cat/indices?pretty'

    Five minutes is the default time to check policy conditions again.

    The output should display the log-000001 and log-000002 indexes:

    yellow open log-000001 ... 1 1 0 0 5.1kb 5.1kb
yellow open log-000002 ... 1 1 0 0  208b  208b

  3. Optionally, you can get the index list again one hour after creating the index.

    The output should display the log-000001, log-000002, and log-000003 indexes:

    yellow open log-000001 ... 1 1 0 0 5.1kb 5.1kb
yellow open log-000002 ... 1 1 0 0  208b  208b
yellow open log-000003 ... 1 1 0 0    0b    0b

    One hour is the policy condition for creating a new index.

Delete the resources you created

Some resources are not free of charge. To avoid paying for them, delete the resources you no longer need:

  1. In the terminal window, go to the directory containing the infrastructure plan.

    Warning

    Make sure the directory has no Terraform manifests with the resources you want to keep. Terraform deletes all resources that were created using the manifests in the current directory.

  2. Delete resources:

    1. Run this command:

      terraform destroy

    2. Confirm deleting the resources and wait for the operation to complete.

    All the resources described in the Terraform manifests will be deleted.

Previous
Monitoring the state of clusters and hosts
Next
Authentication in OpenSearch Dashboards using Keycloak