Step 2: Create Access Proxy - Centralized Logging with OpenSearch

Step 2: Create Access Proxy

Note

Access proxy is optional and it incurs additional cost. If you can connect to Amazon OpenSearch Service's VPC (such as through VPN connection), you don't need to activate access proxy. You need to use it only if you want to connect to Amazon OpenSearch Service dashboard from public Internet.

You can create a Nginx proxy and create an DNS record pointing to the proxy, so that you can access the Amazon OpenSearch Service dashboard securely from public network. For more information, refer to Access Proxy in the Domain Management chapter.

Create a Nginx proxy

  1. Sign in to the Centralized Logging with OpenSearch console.

  2. In the navigation pane, under Domains, choose OpenSearch domains.

  3. Select the domain from the table.

  4. Under General configuration, choose Enable at the Access Proxy label.

  5. On the Create access proxy page, under Public access proxy, select at least 2 subnets which contain LogHubVpc/DefaultVPC/publicSubnetX for the Public Subnets.

  6. For Public Security Group, choose the Security Group which contains ProxySecurityGroup.

  7. Enter the Domain Name.

  8. Choose the associated Load Balancer SSL Certificate which applies to the domain name.

  9. Choose the Nginx Instance Key Name.

  10. Choose Create.

After provisioning the proxy infrastructure, you need to create an associated DNS record in your DNS resolver. The following introduces how to find the Application Load Balancer (ALB) domain, and then create a CNAME record pointing to this domain.

Create an DNS record

  1. Sign in to the Centralized Logging with OpenSearch console.

  2. In the navigation pane, under Domains, choose OpenSearch domains.

  3. Select the domain from the table.

  4. Choose the Access Proxy tab. Find Load Balancer Domain, which is the ALB domain.

  5. Go to the DNS resolver, and create a CNAME record pointing to this domain. If your domain is managed by Amazon RouteĀ 53, refer to Creating records by using the Amazon RouteĀ 53 console.