Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Networking in Managed Service for OpenSearch

Written by
Updated at January 27, 2026

When creating a cluster, you can:

  • Specify a network for the entire cluster.
  • Specify subnets for each host in the cluster.
  • Request public access to connect to the cluster host groups from outside Yandex Cloud.

You can create a cluster without specifying any subnets for hosts if the availability zone for each host contains only one subnet of the cluster network.

Host name and FQDN

Managed Service for OpenSearch generates a name for each cluster host when creating it. This name will be the host's fully qualified domain name (FQDN). You cannot change the host name and, consequently, FQDN.

To learn how to get a host FQDN, see this guide.

You can use the FQDN to access the host within a single cloud network. For more information, see this Yandex Virtual Private Cloud guide.

Public access to a host

Any cluster host will be accessible from outside Yandex Cloud if you requested public access when creating the host group or updating its configuration. To connect to such a host, use its FQDN.

When deleting a host group with public FQDNs, the assigned IP addresses are revoked.

Security groups

Security groups follow the All traffic that is not allowed is prohibited principle. To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or other security groups.

For example, let's assume public access is enabled for a Dashboards host group. If there is no security group rule that allows connecting to it from the internet on port 443, you will not be able to connect to the web interface. You will not be able to access an OpenSearch host group either, unless it has a security group rule that explicitly allows incoming traffic on port 9200.

Tip

If you connect to a cluster from within its cloud network, configure security groups both for the cluster and the connecting host.

Features of using security groups:

  • Even if the cluster and host share the same security group, you still need rules allowing traffic between them to be able to connect to the cluster from the host. By default, such rules are included in the security group created along with the cloud network. These are the Self rules that allow unlimited traffic within the security group.

  • Security group settings only determine whether connecting to the cluster is possible. They do not affect cluster features, such as replication, sharding, and backups.

For more information, see this Virtual Private Cloud article.

Use cases

Previous
Host classes
Next
Quotas and limits