# AWS OpenSearch This article outlines the integration with the AWS OpenSearch connector, enabling metadata management through features such as crawling, querying with data preview for supported objects. It also ensures secure authentication via Credential Manager.

### Overview #### Connector Details | Connector Category | Application Connector | | ---------------------------------------------------------------------------------- | ------------------------------------------------------------ | | OvalEdge Releases Supported | 8.1 | |

Connectivity

\[How the connection is established with AWS OpenSearch]

| OpenSearch REST API over HTTPS with SigV4 signed requests \| | #### Connector Features | Crawling | ✅ | | -------------------------------------------- | :-: | | Delta Crawling | ❌ | | Profiling | ❌ | | Query Sheet | ✅ | | Data Preview | ✅ | | Auto Lineage | ❌ | | Manual Lineage | ❌ | | Secure Authentication via Credential Manager | ✅ | | Data Quality | ❌ | | DAM (Data Access Management) | ❌ | | Bridge | ✅ | #### Metadata Mapping The following objects are crawled from AWS OpenSearch and mapped to the corresponding UI assets.

AWS OpenSearch Object	AWS OpenSearch Attribute	OvalEdge Attribute	OvalEdge Category	OvalEdge Type
Indexes	Index Name	Entity Identifier	Table / Entity	Entity
Index Fields	Mapping Property (including nested properties)	Column Name and Type	Column	Column
Aliases	Alias Name	Entity Identifier	View	Entity
Alias Details	Alias-to-Index Reference (when available)	Entity Comment / Description	View	Entity

### Set up a Connection #### Prerequisites The following are the prerequisites to establish a connection: **Network and API access** The connector sends **HTTPS** requests to your OpenSearch endpoint. Ensure your OvalEdge environment can reach the endpoint host and any required network egress rules allow access to the OpenSearch API. If you use corporate proxies, ensure they permit HTTPS traffic to the OpenSearch endpoint. **Service Account User Permissions** {% hint style="warning" %} It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions. {% endhint %} {% hint style="info" %} 👨‍💻 Who can provide these permissions? These permissions are typically granted by the AWS Opensearch administrator, as users may not have the required access to assign them independently. {% endhint %} | Operation | Objects | System Tables | Access Permission | | -------------------------- | ------------------- | ------------------------------ | ----------------------------------------------------------------- | | Connection Validation | OpenSearch Endpoint | GET/ | Ability to authenticate and read the OpenSearch endpoint response | | Crawling | Indexes | GET /\_cat/indices?format=json | Ability to list index names | | Crawling | Aliases | GET /\_cat/aliases?format=json | Ability to list alias names | | Field Discovery | Indexes | GET /{index}/\_mapping | Ability to read index mappings (Field definitions) | | Query Sheet / Data Preview | Indexes | POST /{index}/\_search | Ability to search and read document \`\_source\` fields | #### Connection Configuration Steps {% hint style="warning" %} Users are required to have the Connector Creator role in order to configure a new connection.
{% endhint %} 1. Log into OvalEdge, go to **Administration > Connectors**, click **+ (New Connector),** search for **AWS OpenSearch**, and complete the required parameters. {% hint style="info" %} Fields marked with an asterisk (\*) are mandatory for establishing a connection. {% endhint %}

Field Name	Description
Connector Type	By default, "AWS OpenSearch" is displayed as the selected connector type.
Credential Manager*	Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on your selection. Supported Credential Managers: OE Credential Manager AWS Secrets Manager HashiCorp Vault Azure Key Vault
Connector Name*	Enter a unique name for the AWS OpenSearch connection (Example: "AWS_OpenSearch").
Connector description	Enter a brief description of the connector.
Endpoint*	Enter the OpenSearch HTTPS endpoint (without a trailing slash). Example: https://search-my-domain-xxxx.us-east-1.es.amazonaws.com
AWS Region*	Enter the AWS region used for request signing. Example: us-east-1
AWS Access Key Id*	Enter the AWS IAM access key ID used to sign OpenSearch requests
AWS Secret Access Key*	Enter the AWS IAM secret access key used for signing (masked).
AWS Session Token	Enter the session token if using temporary credentials (optional, masked)
SigV4 Service Name	Enter the service name for signing: use es for OpenSearch Service and aoss for OpenSearch Serverless
Index Include Pattern	Enter a wildcard pattern to include specific indices (optional). Example: logs-*. Leave blank to include all indices


Default Governance Roles
Default Governance Roles*	Select the appropriate users or teams for each governance role from the drop-down list. All users and teams configured in OvalEdge Security are displayed for selection.
Admin Roles
Admin Roles*	Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in OvalEdge Security are available for selection.
No of Archive Objects
No Of Archive Objects*	This shows the number of recent metadata changes to a dataset at the source. By default, it is off. To enable it, toggle the Archive button and specify the number of objects to archive. Example: Setting it to 4 retrieves the last four changes, displayed in the 'Version' column of the 'Metadata Changes' module.
Bridge
Select Bridge*	If applicable, select the bridge from the drop-down list. The drop-down list displays all active bridges configured in OvalEdge. These bridges enable communication between data sources and OvalEdge without altering firewall rules.

2. After entering all connection details, the following actions can be performed: 1. Click **Validate** to verify the connection. 2. Click **Save** to store the connection for future use. 3. Click **Save & Configure** to apply additional settings before saving. 3. The saved connection will appear on the Connectors home page. ### Manage Connector Operations #### Crawl/Profile {% hint style="warning" %} To perform crawl operations, users must be assigned the Integration Admin role.\ For AWS OpenSearch, the connector exposes a container representing your OpenSearch endpoint, and crawling discovers indices and aliases available under that endpoint. {% endhint %} The **Crawl/Profile** button allows users to select one or more containers for crawling. 1. Navigate to the **Connectors** page and click **Crawl/Profile**. 2. Select the **OpenSearch** endpoint container to **crawl**. 3. The **Crawl** option is selected by default. 4. Click **Run** to collect metadata from the connected source and load it into the OvalEdge **Data Catalog**. 5. After a **successful crawl**, the information appears in the **Data Catalog > Databases/Tables/Reports/Files/APIs** tab. The **Schedule** checkbox allows automated **crawling** at defined intervals, from a minute to a year. 1. Click the **Schedule** checkbox to enable the Select **Period drop-down**. 2. Select a **time period** for the operation from the drop-down menu. 3. Click **Schedule** to initiate metadata collection from the connected source. 4. The system will automatically execute the crawl operation at the scheduled time. #### Other Operations The **Connectors** page in OvalEdge provides a centralized view of all configured connectors, including their health status. **Managing connectors includes:** * **Connectors Health:** Displays the current status of each connector using a green icon for active connections and a red icon for inactive connections, helping to monitor the connectivity with data sources. * **Viewing:** Click the Eye icon next to the connector name to view connector details, including databases, tables, columns, and codes. **Nine Dots Menu Options:** To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu. * **Edit Connector:** Update and revalidate the data source. * **Validate Connector:** Check the connection's integrity. * **Settings:** Modify connector settings. * **Crawler:** Configure data extraction. * **Query Policies:** Define query execution rules based on roles. * **Access Instructions:** Add notes on how data can be accessed. * **Business Glossary Settings:** Manage term associations at the connector level. * **Delete Connector:** Remove a connector with confirmation. #### Connectivity Troubleshooting If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

S.No.	Error Message(s)	Error Description & Resolution
1	Invalid connection config	Error Description: The connector validation ran without a complete connection configuration. Resolution: Ensure all required fields are provided in the connector settings and validate again.
2	Missing OpenSearch endpoint	Error Description: The OpenSearch endpoint is not provided. Resolution: Enter a valid Endpoint (including https://) and retry validation.
3	Missing AWS region	Error Description: The AWS region required for request signing is missing. Resolution: Provide a valid AWS Region and retry validation.
4	Missing AWS access key id	Error Description: The AWS access key ID is missing. Resolution: Enter a valid AWS Access Key ID and retry validation.
5	Missing AWS secret access key	Error Description: The AWS secret access key is missing. Resolution: Enter a valid AWS Secret Access Key and retry validation.
6	Connection validation failed	Error Description: The system failed to connect or authenticate with the OpenSearch endpoint. Resolution: Verify the endpoint, AWS region, and credentials. Check network connectivity to the OpenSearch endpoint and retry validation.
7	Query execution failed	Error Description: The query or data preview request failed during execution. Resolution: Verify that the index exists, check that the index include pattern, and retry after successful validation.

*** Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ovaledge.com/release8.1/connectors/connector-repositories/application/aws-opensearch.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.