Applications AWS

OpenSearch 3.6 on AWS — cloudimg User Guide

| Product: opensearch

OpenSearch 3.6 on AWS

This guide covers launching the OpenSearch 3.6 + OpenSearch Dashboards 3.6 AMI from AWS Marketplace, retrieving your per-instance credentials, and performing common operations via the REST API and the Dashboards web UI.

Prerequisites

  • An AWS account with permission to launch EC2 instances from Marketplace AMIs.
  • The security group attached to your instance must allow inbound TCP on:
  • Port 22 — SSH (your IP only, or a bastion)
  • Port 9200 — OpenSearch REST API (restrict to trusted networks)
  • Port 5601 — OpenSearch Dashboards (restrict to trusted networks)

Launching the Instance

  1. Find OpenSearch 3 | Support by cloudimg in AWS Marketplace and click Continue to Subscribe.
  2. Accept the terms, then click Continue to Configuration.
  3. Choose Ubuntu 24.04 as the fulfilment option and select your region.
  4. Click Continue to LaunchLaunch from EC2Launch Instance in EC2.
  5. Select at least t3.medium (2 vCPU, 4 GB RAM). Larger sizes improve indexing throughput.
  6. Attach the security group described above.
  7. Add a second EBS volume (30 GiB gp3 recommended) for OpenSearch data. The AMI uses /dev/sdb/var/lib/opensearch/data.
  8. Launch and connect via SSH as the ubuntu user.

First Boot

On the very first boot a one-shot systemd service (opensearch-firstboot.service) runs automatically. It:

  1. Waits for OpenSearch to become reachable on port 9200 (HTTPS).
  2. Generates a unique 20-character alphanumeric admin password.
  3. Applies the password via securityadmin.sh — the only mechanism that can update reserved users in OpenSearch 3.x.
  4. Writes the credentials to /root/opensearch-credentials.txt (permissions 0600, readable by root only).

The service completes within 30–60 seconds of OpenSearch being ready. Both services (opensearch.service and opensearch-dashboards.service) start automatically on every subsequent boot.

Retrieving Your Admin Password

sudo cat /root/opensearch-credentials.txt

Example output:

# OpenSearch 3.6 -- Per-Instance Credentials
# Generated on first boot: Wed May 27 21:54:24 UTC 2026
#
opensearch.admin.user=admin
opensearch.admin.password=zj663JXbm3qZSknzA3SW
opensearch.rest.url=https://172.31.84.119:9200
opensearch.dashboards.url=http://172.31.84.119:5601

Store this password securely. Use it for all REST API calls and Dashboards sign-in.

Checking Service Status

systemctl status opensearch
systemctl status opensearch-dashboards

Both services should show active (running). If OpenSearch is still starting up, wait 30–60 seconds and check again.

Tail the OpenSearch log (Ctrl-C to stop):

sudo journalctl -fu opensearch

OpenSearch REST API

OpenSearch listens on port 9200 with HTTPS and HTTP basic authentication. Use -sk with curl to skip certificate verification for the self-signed demo certificates:

Cluster health

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk -u "admin:${PASS}" https://localhost:9200/_cluster/health | python3 -m json.tool

Expected output:

{
    "cluster_name": "cloudimg-opensearch",
    "status": "green",
    "number_of_nodes": 1,
    "number_of_data_nodes": 1
}

Create an index

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk -X PUT "https://localhost:9200/my-index" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{"settings":{"number_of_shards":1,"number_of_replicas":0}}'

Index a document

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk -X POST "https://localhost:9200/my-index/_doc" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{"title":"Hello OpenSearch","body":"This is a test document"}'

Search

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk "https://localhost:9200/my-index/_search" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{"query":{"match_all":{}}}' | python3 -m json.tool

List all indices

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk "https://localhost:9200/_cat/indices?v" -u "admin:${PASS}"

OpenSearch Dashboards

OpenSearch Dashboards is available at http://\<instance-public-ip>:5601.

Sign in as admin using the password from /root/opensearch-credentials.txt.

Key areas

Menu item Purpose
Discover Explore and query indexed data interactively
Visualize Build charts, maps, and metric panels
Dashboard Assemble visualisations into dashboards
Dev Tools Run OpenSearch DSL queries in a browser-based console
Index Management Create, inspect, and manage index policies
Security Manage users, roles, and tenants

Data Volume

OpenSearch index data is stored on the dedicated EBS volume mounted at /var/lib/opensearch/data. To check usage:

df -h /var/lib/opensearch/data

To expand the volume, resize it in the AWS console and then grow the filesystem. The data volume is typically /dev/nvme1n1:

sudo resize2fs /dev/nvme1n1

Security Notes

  • The demo TLS certificates shipped with OpenSearch are self-signed and intended for evaluation. For production use, replace them with certificates from a trusted CA and update opensearch.yml accordingly.
  • Restrict ports 9200 and 5601 to known IP ranges in your security group. Never expose the admin API to the public internet without additional authentication controls.
  • The admin account has full cluster access. Create role-scoped users via the Security plugin for application workloads.

Creating an additional user

Replace SecureAppPass2026! with a strong password of your choice:

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk -X PUT "https://localhost:9200/_plugins/_security/api/internalusers/appuser" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "SecureAppPass2026!",
    "backend_roles": ["readall"],
    "attributes": {}
  }'

Backup and Restore

Register an S3 snapshot repository

Replace your-s3-bucket and us-east-1 with your bucket name and region:

PASS=$(sudo grep '^opensearch.admin.password=' /root/opensearch-credentials.txt | cut -d= -f2-)
curl -sk -X PUT "https://localhost:9200/_snapshot/s3-backup" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "s3",
    "settings": {
      "bucket": "your-s3-bucket",
      "region": "us-east-1"
    }
  }'

Take a snapshot

curl -sk -X PUT "https://localhost:9200/_snapshot/s3-backup/snapshot-$(date +%Y%m%d)" \
  -u "admin:${PASS}" \
  -H "Content-Type: application/json" \
  -d '{"indices":"*","ignore_unavailable":true}'

Screenshots

OpenSearch Dashboards welcome

The OpenSearch Dashboards welcome screen after first login, showing the OpenSearch Dashboards 3.6 interface ready to use.

Dev Tools Console

The OpenSearch Dashboards Dev Tools Console for running OpenSearch DSL queries interactively against the cluster.

Service status and cluster health

Terminal output confirming both opensearch.service and opensearch-dashboards.service are active, and cluster health is green with the generated admin password.

Support

24/7 technical support is available from cloudimg by email at support@cloudimg.co.uk.

We can assist with OpenSearch cluster configuration, index management, search query optimisation, Dashboards setup, security plugin configuration, and upgrade planning.