search
Ctrlk
AcademyCustomer Portal

AWS OpenSearch

This article outlines the integration with the AWS OpenSearch connector, enabling metadata management through features such as crawling, querying with data preview for supported objects. It also ensures secure authentication via Credential Manager.

hashtag
Overview

hashtag
Connector Details

Connector Category

Application Connector

OvalEdge Releases Supported

8.1

Connectivity

[How the connection is established with AWS OpenSearch]

OpenSearch REST API over HTTPS with SigV4 signed requests |

hashtag
Connector Features

Crawling

Delta Crawling

Profiling

Query Sheet

Data Preview

Auto Lineage

Manual Lineage

Secure Authentication via Credential Manager

Data Quality

DAM (Data Access Management)

Bridge

hashtag
Metadata Mapping

The following objects are crawled from AWS OpenSearch and mapped to the corresponding UI assets.

AWS OpenSearch Object
AWS OpenSearch Attribute
OvalEdge Attribute
OvalEdge Category
OvalEdge Type

Indexes

Index Name

Entity Identifier

Table / Entity

Entity

Index Fields

Mapping Property (including nested properties)

Column Name and Type

Column

Column

Aliases

Alias Name

Entity Identifier

View

Entity

Alias Details

Alias-to-Index Reference (when available)

Entity Comment / Description

View

Entity

hashtag
Set up a Connection

hashtag
Prerequisites

The following are the prerequisites to establish a connection:

Network and API access

The connector sends HTTPS requests to your OpenSearch endpoint. Ensure your OvalEdge environment can reach the endpoint host and any required network egress rules allow access to the OpenSearch API. If you use corporate proxies, ensure they permit HTTPS traffic to the OpenSearch endpoint.

Service Account User Permissions

circle-exclamation

It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions.

circle-info

👨‍💻 Who can provide these permissions? These permissions are typically granted by the AWS Opensearch administrator, as users may not have the required access to assign them independently.

Operation
Objects
System Tables
Access Permission

Connection Validation

OpenSearch Endpoint

GET/

Ability to authenticate and read the OpenSearch endpoint response

Crawling

Indexes

GET /_cat/indices?format=json

Ability to list index names

Crawling

Aliases

GET /_cat/aliases?format=json

Ability to list alias names

Field Discovery

Indexes

GET /{index}/_mapping

Ability to read index mappings (Field definitions)

Query Sheet / Data Preview

Indexes

POST /{index}/_search

Ability to search and read document `_source` fields

hashtag
Connection Configuration Steps

circle-exclamation

Users are required to have the Connector Creator role in order to configure a new connection.

  1. Log into OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS OpenSearch, and complete the required parameters.

circle-info

Fields marked with an asterisk (*) are mandatory for establishing a connection.

Field Name
Description

Connector Type

By default, "AWS OpenSearch" is displayed as the selected connector type.

Credential Manager*

Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on your selection.

Supported Credential Managers:

  • OE Credential Manager

  • AWS Secrets Manager

  • HashiCorp Vault

  • Azure Key Vault

Connector Name*

Enter a unique name for the AWS OpenSearch connection

(Example: "AWS_OpenSearch").

Connector description

Enter a brief description of the connector.

Endpoint*

Enter the OpenSearch HTTPS endpoint (without a trailing slash).

Example: https://search-my-domain-xxxx.us-east-1.es.amazonaws.com

AWS Region*

Enter the AWS region used for request signing.

Example: us-east-1

AWS Access Key Id*

Enter the AWS IAM access key ID used to sign OpenSearch requests

AWS Secret Access Key*

Enter the AWS IAM secret access key used for signing (masked).

AWS Session Token

Enter the session token if using temporary credentials (optional, masked)

SigV4 Service Name

Enter the service name for signing: use es for OpenSearch Service and aoss for OpenSearch Serverless

Index Include Pattern

Enter a wildcard pattern to include specific indices (optional). Example: logs-*. Leave blank to include all indices

Default Governance Roles

Default Governance Roles*

Select the appropriate users or teams for each governance role from the drop-down list. All users and teams configured in OvalEdge Security are displayed for selection.

Admin Roles

Admin Roles*

Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in OvalEdge Security are available for selection.

No of Archive Objects

No Of Archive Objects*

This shows the number of recent metadata changes to a dataset at the source. By default, it is off. To enable it, toggle the Archive button and specify the number of objects to archive.

Example: Setting it to 4 retrieves the last four changes, displayed in the 'Version' column of the 'Metadata Changes' module.

Bridge

Select Bridge*

If applicable, select the bridge from the drop-down list.

The drop-down list displays all active bridges configured in OvalEdge. These bridges enable communication between data sources and OvalEdge without altering firewall rules.

  1. After entering all connection details, the following actions can be performed:

    1. Click Validate to verify the connection.

    2. Click Save to store the connection for future use.

    3. Click Save & Configure to apply additional settings before saving.

  2. The saved connection will appear on the Connectors home page.

hashtag
Manage Connector Operations

hashtag
Crawl/Profile

circle-exclamation

To perform crawl operations, users must be assigned the Integration Admin role. For AWS OpenSearch, the connector exposes a container representing your OpenSearch endpoint, and crawling discovers indices and aliases available under that endpoint.

The Crawl/Profile button allows users to select one or more containers for crawling.

  1. Navigate to the Connectors page and click Crawl/Profile.

  2. Select the OpenSearch endpoint container to crawl.

  3. The Crawl option is selected by default.

  4. Click Run to collect metadata from the connected source and load it into the OvalEdge Data Catalog.

  5. After a successful crawl, the information appears in the Data Catalog > Databases/Tables/Reports/Files/APIs tab.

The Schedule checkbox allows automated crawling at defined intervals, from a minute to a year.

  1. Click the Schedule checkbox to enable the Select Period drop-down.

  2. Select a time period for the operation from the drop-down menu.

  3. Click Schedule to initiate metadata collection from the connected source.

  4. The system will automatically execute the crawl operation at the scheduled time.

hashtag
Other Operations

The Connectors page in OvalEdge provides a centralized view of all configured connectors, including their health status.

Managing connectors includes:

  • Connectors Health: Displays the current status of each connector using a green icon for active connections and a red icon for inactive connections, helping to monitor the connectivity with data sources.

  • Viewing: Click the Eye icon next to the connector name to view connector details, including databases, tables, columns, and codes.

Nine Dots Menu Options:

To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu.

  • Edit Connector: Update and revalidate the data source.

  • Validate Connector: Check the connection's integrity.

  • Settings: Modify connector settings.

    • Crawler: Configure data extraction.

    • Query Policies: Define query execution rules based on roles.

    • Access Instructions: Add notes on how data can be accessed.

    • Business Glossary Settings: Manage term associations at the connector level.

  • Delete Connector: Remove a connector with confirmation.

hashtag
Connectivity Troubleshooting

If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

S.No.
Error Message(s)
Error Description & Resolution

1

Invalid connection config

Error Description:

  • The connector validation ran without a complete connection configuration.

Resolution:

  • Ensure all required fields are provided in the connector settings and validate again.

2

Missing OpenSearch endpoint

Error Description:

  • The OpenSearch endpoint is not provided.

Resolution:

  • Enter a valid Endpoint (including https://) and retry validation.

3

Missing AWS region

Error Description:

  • The AWS region required for request signing is missing.

Resolution:

  • Provide a valid AWS Region and retry validation.

4

Missing AWS access key id

Error Description:

  • The AWS access key ID is missing.

Resolution:

  • Enter a valid AWS Access Key ID and retry validation.

5

Missing AWS secret access key

Error Description:

  • The AWS secret access key is missing.

Resolution:

  • Enter a valid AWS Secret Access Key and retry validation.

6

Connection validation failed

Error Description:

  • The system failed to connect or authenticate with the OpenSearch endpoint.

Resolution:

  • Verify the endpoint, AWS region, and credentials. Check network connectivity to the OpenSearch endpoint and retry validation.

7

Query execution failed

Error Description:

  • The query or data preview request failed during execution.

Resolution:

  • Verify that the index exists, check that the index include pattern, and retry after successful validation.

Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA

PreviousTally - Access ConfigurationNextZoho CRM

Last updated

Was this helpful?