Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Getting started with Managed Service for OpenSearch

Written by
Improved by
Updated at February 4, 2026

To get started:

  1. Create a cluster.
  2. Configure security groups.
  3. Connect to the cluster.
  4. Connect to OpenSearch Dashboards.

Getting started

  1. Log in to the management console or sign up if you do not have an account yet.

  2. If you do not have a folder yet, create one:

    1. In the management console, in the top panel, click and select the cloud.

    2. To the right of the cloud name, click .

    3. Select Create folder .

      create-folder1

    4. Give your folder a name. The naming requirements are as follows:

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    5. Optionally, specify the description for your folder.

    6. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, you will also have a default security group, within which all network traffic will be allowed.

    7. Click Create.

      create-folder2

  3. Assign the vpc.user role and the managed-opensearch.editor role or higher to your Yandex Cloud account. These roles allow you to create a cluster.

    To attach the service account to a cluster, e.g., to use Yandex Object Storage, your account also needs the iam.serviceAccounts.user role or higher.

    Note

    If you cannot manage roles, contact your cloud or organization administrator.

  4. You can connect to an OpenSearch cluster both from inside Yandex Cloud and from the internet:

Note

This guide deals with connecting to the cluster from the internet.

Create a cluster

  1. In the management console, select the folder where you want to create a cluster.

  2. Navigate to the Managed Service for OpenSearch service.

  3. Click Create cluster. For more information, see Creating a cluster.

  4. Configure the cluster.

    To access the OpenSearch Dashboards web interface, request public access. To do this, navigate to Virtual node group with the Dashboards group type and select Public access.

    Tip

    You can use OpenSearch Dashboards even if you cannot get public access to your hosts, e.g., for security reasons. To do this, proxy the connections via the virtual machine in Yandex Compute Cloud that resides in the same network as the cluster. For more information, see Connecting to OpenSearch Dashboards.

  5. Click Create cluster.

  6. Wait until the cluster is ready: its status on the Managed Service for OpenSearch dashboard will switch to Creating and then to Alive. This may take a while.

Configure security groups

To connect to a cluster, security groups must include rules allowing traffic from certain ports, IP addresses, or from other security groups.

Settings of access policies depend on the connection method you select:

Configure all the cluster security groups to allow incoming traffic on ports 443 (Dashboards) and 9200 (OpenSearch) from any IP address. To do this, create the following rules for incoming traffic:

  • Port range: 443 and 9200
  • Protocol: TCP
  • Source: CIDR
  • CIDR blocks: 0.0.0.0/0

Create a separate rule for each port.

  1. Configure all the cluster security groups to allow incoming traffic on ports 443 (Dashboards) and 9200 (OpenSearch) from your VM’s security group. To do this, create the following rules for incoming traffic in these security groups:

    • Port range: 443 and 9200
    • Protocol: TCP
    • Source: Security group
    • Security group: If your cluster and VM share the same security group, select Current (Self). Otherwise, specify the VM security group.

    Create a separate rule for each port.

  2. Configure all the security groups assigned to your VM to allow connections to the VM and traffic between the VM and cluster hosts.

    For example, you can set the following rules for your VM:

    • For incoming traffic:

      • Port range: 22, 443, 9200
      • Protocol: TCP
      • Source: CIDR
      • CIDR blocks: 0.0.0.0/0

      Create a separate rule for each port.

    • For outgoing traffic:

      • Port range: 0-65535
      • Protocol: Any (Any)
      • Destination name: CIDR
      • CIDR blocks: 0.0.0.0/0

      This rule allows all outgoing traffic, thus enabling you not only to connect to the cluster but also to install the certificates and utilities your VM needs for connection.

Note

You can specify more granular rules for your security groups, e.g., to allow traffic only in specific subnets.

Make sure to configure the security groups correctly for all subnets where the cluster hosts will reside. With incomplete or incorrect security group settings, you may lose access to the cluster.

For more information about security groups, see Security groups.

Connect to the cluster

Follow all the steps below on your Linux-based machine.

To connect to your cluster:

  1. Install an SSL certificate:

    mkdir -p ~/.opensearch && \
wget "https://storage.yandexcloud.net/cloud-certs/CA.pem" \
     --output-document ~/.opensearch/root.crt && \
chmod 0600 ~/.opensearch/root.crt

    The certificate will be saved to the ~/.opensearch/root.crt file.

    mkdir $HOME\.opensearch; curl.exe -o $HOME\.opensearch\root.crt https://storage.yandexcloud.net/cloud-certs/CA.pem

    The certificate will be saved to the $HOME\.opensearch\root.crt file.

    Your corporate security policies and antivirus software may block the certificate download. For more information, see FAQ.

  2. Connect to the cluster using cURL:

    curl \
    --user admin:<password> \
    --cacert ~/.opensearch/root.crt \
    --request GET 'https://<FQDN_of_OpenSearch_host_with_DATA_role>:9200/'

    To connect, enter admin for the username and the password you set when creating the cluster.

    If the connection is successful, you will see a message like this:

    {
  "name" : "....mdb.yandexcloud.net",
  "cluster_name" : "...",
  "cluster_uuid" : "...",
  "version" : {
  "distribution" : "opensearch",
  ...
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

Connect to OpenSearch Dashboards

  1. In your browser, connect to the OpenSearch Dashboards web interface:

    1. Make sure hosts with the DASHBOARDS role are publicly accessible.

    2. Install the SSL certificate in your browser's store of trusted root certificates (see the instructions for Mozilla Firefox here).

    3. On the cluster page in the management console, click OpenSearch Dashboards or go to https://c-<OpenSearch_cluster_ID>.rw.mdb.yandexcloud.net> in your browser.

    4. Enter admin for the username and the password you set when creating the cluster.

  2. Explore a set of sample data:

    1. On the OpenSearch Dashboards welcome screen, click Add sample data.
    2. Next, click View data for the dataset in question.

Learn more about using OpenSearch Dashboards in this OpenSearch guide.

What's next

Next
All guides