Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Configuring access to Object Storage from an OpenSearch cluster

Written by
Updated at October 15, 2025

Managed Service for OpenSearch supports using Yandex Object Storage as an OpenSearch snapshot repository. This allows you to use Object Storage to store backups. For more information about snapshot repositories, see the OpenSearch documentation.

To access Object Storage bucket data from a cluster:

  1. Attach the service account to the cluster.
  2. Configure access permissions.
  3. Connect a snapshot repository.

Before you begin, assign the iam.serviceAccounts.user role or higher to your Yandex Cloud account. You will need this role in the following cases:

  • To create or update a cluster and link it to a service account.
  • To restore a cluster linked to a service account from its backup.

Assign the service account to the cluster

  1. When creating or updating a cluster, either select an existing service account or create a new one.

  2. Assign the storage.editor role to this account.

Configure access permissions

  1. In the management console, select the folder with the appropriate bucket. If there is no such bucket, create one.

  2. Select Object Storage.

  3. Select the Buckets tab.

  4. Set up the bucket ACL:

    1. In the Select a user drop-down list, specify the service account assigned to the cluster.
    2. Set the READ and WRITE permissions for this service account.
    3. Click Add and Save.

Connect a snapshot repository

Alert

If a bucket is registered in an OpenSearch cluster as a snapshot repository, do not edit the bucket contents manually as this will disrupt the OpenSearch snapshot mechanism.

  1. Connect to the cluster.

  2. Register the bucket as a snapshot repository using the public OpenSearch API:

    PUT --cacert ~/.opensearch/root.crt https://admin:<password>@<ID_of_OpenSearch_host_with_DATA_role>.mdb.yandexcloud.net:9200/_snapshot/<repository_name>

    In the request parameters, specify the bucket associated with the cluster service account:

    curl --request PUT \
     "https://admin:<password>@<ID_of_OpenSearch_host_with_DATA_role>.mdb.yandexcloud.net:9200/_snapshot/<repository_name>" \
     --cacert ~/.opensearch/root.crt \
     --header "Content-Type: application/json" \
     --data '{
       "type": "s3",
       "settings": {
         "endpoint": "storage.yandexcloud.net",
         "bucket": "<bucket_name>"
       }
     }'
Previous
Managing backups
Next
Deleting a cluster