yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
de9f8a7cc5b4e61816cbd4e52cc108c5f9fc3b4c
doc-exports/docs/css/umn/css_01_0477.html
zhengxiu 2125539080 css umn 25.1.0 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: zhengxiu <zhengxiu@huawei.com>
Co-committed-by: zhengxiu <zhengxiu@huawei.com>
2025-07-04 09:10:17 +00:00

110 lines
23 KiB
HTML
Raw Blame History

<a name="css_01_0477"></a><a name="css_01_0477"></a>
<h1 class="topictitle1">Configuring VPC Endpoint Service for an OpenSearch Cluster</h1>
<div id="body0000001992165621"><p id="css_01_0477__css_01_0412_p17394551104118"><span id="css_01_0477__css_01_0412_ph1862916854519">VPC Endpoint Service enables you to access resources across Virtual Private Clouds (VPCs) using a dedicated gateway, without exposing the network information of servers. When VPC Endpoint Service is enabled, a VPC endpoint will be created by default. You can select Private Domain Name Creation if necessary. Users will be able to access this cluster across VPCs through node IP addresses or a private domain name.</span></p>
<p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_p8060118">VPC Endpoint uses a shared load balancer for intranet access. If your workloads require quicker access, you are advised to use a dedicated load balancer to connect to your cluster. For details about its configuration, see <a href="css_01_0413.html">Configuring a Dedicated Load Balancer for an Elasticsearch Cluster</a>.</p>
<div class="section" id="css_01_0477__css_01_0412_section15462192019594"><h4 class="sectiontitle">Constraints</h4><ul id="css_01_0477__css_01_0412_ul8530172418472"><li id="css_01_0477__css_01_0412_li135301024164710">VPC endpoint creation requires specific permissions. For details, see the "Permissions" section in the <em id="css_01_0477__css_01_0412_i613001634116">VPC Endpoint User Guide</em>.</li><li id="css_01_0477__css_01_0412_li11530152413476">Public network access and the VPC Endpoint service share a load balancer. If you configure a whitelist for public network access, and because this whitelist is deployed to the shared load balancer, it will control not only access from the public network, but also access using private IP addresses through VPCEP. In this case, you need to add IP address <strong id="css_01_0477__css_01_0412_css_01_0076_b2474121113146">198.19.128.0/17</strong> to the public network access whitelist to allow traffic through VPCEP.</li><li id="css_01_0477__css_01_0412_li16630142181518">After VPCEP is enabled, access to CSS through a VPCEP IP address or private domain name is not controlled by any cluster security group rules. Rather, you need to configure a VPCEP whitelist to implement access control.</li></ul>
</div>
<div class="section" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_section115745793915"><h4 class="sectiontitle">Enabling the VPC Endpoint Service</h4><ol id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_ol77309120406"><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li1142971461017">Log in to the <span id="css_01_0477__css_01_0412_text781091821111559">CSS</span> management console.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li26962321017">Click <strong id="css_01_0477__css_01_0412_b1853971110547">Create Cluster</strong> in the upper right corner.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li19621829513">On the <strong id="css_01_0477__css_01_0412_b192581638133917">Create Cluster</strong> page, set <strong id="css_01_0477__css_01_0412_b11258193833914">Advanced Settings</strong> to <strong id="css_01_0477__css_01_0412_b1125853873915">Custom</strong>. Enable the VPC endpoint service.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0477__css_01_0412_table8592132619556" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Configuring VPC Endpoint Service</caption><thead align="left"><tr id="css_01_0477__css_01_0412_css_01_0380_row1342116555339"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.4.2.3.4.2.3.1.1"><p id="css_01_0477__css_01_0412_css_01_0380_p12421145523314">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.4.2.3.4.2.3.1.2"><p id="css_01_0477__css_01_0412_css_01_0380_p842145513334">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0477__css_01_0412_css_01_0380_row24211655193318"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.2.3.4.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p184211955173314">Private Domain Name Creation</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.2.3.4.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p1642215515336">If <strong id="css_01_0477__css_01_0412_css_01_0380_b1823101617213">Private Domain Name Creation</strong> is selected, the system generates a node IP address and also automatically creates a private domain name, which enables users to access this cluster from within the same VPC. If it is not selected, only a node IP address is generated.</p>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row16574110365"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.2.3.4.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p1651741183614">Create professional endpoints</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.2.3.4.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p116554118362">Choose whether to create professional endpoints.</p>
<ul id="css_01_0477__css_01_0412_css_01_0380_ul315093515496"><li id="css_01_0477__css_01_0412_css_01_0380_li41502351498">If unselected, a basic endpoint will be created.</li><li id="css_01_0477__css_01_0412_css_01_0380_li1215023574918">If selected, a professional endpoint will be created.</li></ul>
<div class="note" id="css_01_0477__css_01_0412_css_01_0380_note10384204094913"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="css_01_0477__css_01_0412_css_01_0380_p038474013498">If the region where the cluster is located does not support professional endpoints, this option is unavailable. By default, a basic endpoint is created.</p>
</div></div>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row103921643103616"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.2.3.4.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p0392114373614">IPv4/IPv6 dual stack network</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.2.3.4.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p108251221135211">Whether to enable IPv4/IPv6 dual-stack networking. This option is available only when IPv6 is enabled for the VPC subnet of the cluster and you have selected <strong id="css_01_0477__css_01_0412_css_01_0380_b133291529371">Create professional endpoints</strong> earlier.</p>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row1642214556331"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.4.2.3.4.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p2422105523317">VPC Endpoint Service Whitelist</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.4.2.3.4.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p207751233114313">In <strong id="css_01_0477__css_01_0412_css_01_0380_b27711119142518">VPC Endpoint Service Whitelist</strong>, you can add accounts that are allowed to access the cluster using a node IP address or private domain name.</p>
<ul id="css_01_0477__css_01_0412_css_01_0380_ul197511323113916"><li id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_li3393155917228">Click <strong id="css_01_0477__css_01_0412_css_01_0380_b137807426267">Add</strong> to add accounts in <strong id="css_01_0477__css_01_0412_css_01_0380_b2911711192713">Authorized Account ID</strong>. If the authorized account ID is set to <strong id="css_01_0477__css_01_0412_css_01_0380_b100741489125619">*</strong>, all users are allowed to access the cluster.</li><li id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_li640115594223">Click <strong id="css_01_0477__css_01_0412_css_01_0380_b199507410274">Delete</strong> in the <strong id="css_01_0477__css_01_0412_css_01_0380_b795134112720">Operation</strong> column to delete accounts.</li></ul>
<div class="note" id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_note47795914269"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="css_01_0477__css_01_0412_css_01_0380_p951214911592">To obtain your authorized account ID, point to your username in the upper right corner, and choose <strong id="css_01_0477__css_01_0412_css_01_0380_b181415485296">My Credentials</strong>. Copy the value of <strong id="css_01_0477__css_01_0412_css_01_0380_b1731082963010">Account ID</strong>.</p>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</li></ol>
</div>
<div class="section" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_section12521512195113"><h4 class="sectiontitle">Enabling the VPC Endpoint Service for an Existing Cluster</h4><p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_p8328122613523">You can enable the VPC endpoint service while creating a cluster. Alternatively, you can do that by performing the following steps after cluster creation.</p>
<ol id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_ol146347435519"><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li7625635121410">Log in to the <span id="css_01_0477__css_01_0412_text1152577359111559">CSS</span> management console.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li106254357143">Choose <strong id="css_01_0477__css_01_0412_b33362618474">Clusters</strong> in the navigation pane. On the <span class="wintitle" id="css_01_0477__css_01_0412_wintitle20562115115114"><b>Clusters</b></span> page, click the name of the target cluster.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li1068041913586">Click the <strong id="css_01_0477__css_01_0412_b14205337339">VPC Endpoint Service</strong> tab, and turn on the button next to <strong id="css_01_0477__css_01_0412_b315831114818">VPC Endpoint Service</strong>.<div class="p" id="css_01_0477__css_01_0412_p16871056171117">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="css_01_0477__css_01_0412_table62911631185714" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Configuring VPC Endpoint Service</caption><thead align="left"><tr id="css_01_0477__css_01_0412_css_01_0380_row1342116555339_1"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.5.3.3.3.1.2.3.1.1"><p id="css_01_0477__css_01_0412_css_01_0380_p12421145523314_1">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.5.3.3.3.1.2.3.1.2"><p id="css_01_0477__css_01_0412_css_01_0380_p842145513334_1">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="css_01_0477__css_01_0412_css_01_0380_row24211655193318_1"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.3.3.3.1.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p184211955173314_1">Private Domain Name Creation</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.3.3.3.1.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p1642215515336_1">If <strong id="css_01_0477__css_01_0412_css_01_0380_b1823101617213_1">Private Domain Name Creation</strong> is selected, the system generates a node IP address and also automatically creates a private domain name, which enables users to access this cluster from within the same VPC. If it is not selected, only a node IP address is generated.</p>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row16574110365_1"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.3.3.3.1.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p1651741183614_1">Create professional endpoints</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.3.3.3.1.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p116554118362_1">Choose whether to create professional endpoints.</p>
<ul id="css_01_0477__css_01_0412_css_01_0380_ul315093515496_1"><li id="css_01_0477__css_01_0412_css_01_0380_li41502351498_1">If unselected, a basic endpoint will be created.</li><li id="css_01_0477__css_01_0412_css_01_0380_li1215023574918_1">If selected, a professional endpoint will be created.</li></ul>
<div class="note" id="css_01_0477__css_01_0412_css_01_0380_note10384204094913_1"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="css_01_0477__css_01_0412_css_01_0380_p038474013498_1">If the region where the cluster is located does not support professional endpoints, this option is unavailable. By default, a basic endpoint is created.</p>
</div></div>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row103921643103616_1"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.3.3.3.1.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p0392114373614_1">IPv4/IPv6 dual stack network</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.3.3.3.1.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p108251221135211_1">Whether to enable IPv4/IPv6 dual-stack networking. This option is available only when IPv6 is enabled for the VPC subnet of the cluster and you have selected <strong id="css_01_0477__css_01_0412_css_01_0380_b133291529371_1">Create professional endpoints</strong> earlier.</p>
</td>
</tr>
<tr id="css_01_0477__css_01_0412_css_01_0380_row1642214556331_1"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.5.3.3.3.1.2.3.1.1 "><p id="css_01_0477__css_01_0412_css_01_0380_p2422105523317_1">VPC Endpoint Service Whitelist</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.5.3.3.3.1.2.3.1.2 "><p id="css_01_0477__css_01_0412_css_01_0380_p207751233114313_1">In <strong id="css_01_0477__css_01_0412_css_01_0380_b27711119142518_1">VPC Endpoint Service Whitelist</strong>, you can add accounts that are allowed to access the cluster using a node IP address or private domain name.</p>
<ul id="css_01_0477__css_01_0412_css_01_0380_ul197511323113916_1"><li id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_li3393155917228_1">Click <strong id="css_01_0477__css_01_0412_css_01_0380_b137807426267_1">Add</strong> to add accounts in <strong id="css_01_0477__css_01_0412_css_01_0380_b2911711192713_1">Authorized Account ID</strong>. If the authorized account ID is set to <strong id="css_01_0477__css_01_0412_css_01_0380_b100741489125619_1">*</strong>, all users are allowed to access the cluster.</li><li id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_li640115594223_1">Click <strong id="css_01_0477__css_01_0412_css_01_0380_b199507410274_1">Delete</strong> in the <strong id="css_01_0477__css_01_0412_css_01_0380_b795134112720_1">Operation</strong> column to delete accounts.</li></ul>
<div class="note" id="css_01_0477__css_01_0412_css_01_0380_en-us_topic_0000001223434404_note47795914269_1"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="css_01_0477__css_01_0412_css_01_0380_p951214911592_1">To obtain your authorized account ID, point to your username in the upper right corner, and choose <strong id="css_01_0477__css_01_0412_css_01_0380_b181415485296_1">My Credentials</strong>. Copy the value of <strong id="css_01_0477__css_01_0412_css_01_0380_b1731082963010_1">Account ID</strong>.</p>
</div></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li29456512311">Manage VPC endpoints.<p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_p16226155244018"><a name="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li29456512311"></a><a name="css_01_0412_en-us_topic_0000001223434404_li29456512311"></a>The <strong id="css_01_0477__css_01_0412_b118916314426">VPC Endpoint Service</strong> page displays all VPC endpoints connected to the current cluster. You can obtain the service address and private domain name of VPC endpoints.</p>
<div class="fignone" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_fig117081245144212"><span class="figcap"><b>Figure 1 </b>Managing VPC endpoints</span><br><span><img id="css_01_0477__css_01_0412_image125901840184710" src="en-us_image_0000001965497373.png"></span></div>
<p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_p16779182523413">Click <strong id="css_01_0477__css_01_0412_b199356599295">Accept</strong> or <strong id="css_01_0477__css_01_0412_b93039283020">Reject</strong> in the <strong id="css_01_0477__css_01_0412_b2011934143013">Operation</strong> column to change the node status. If you reject the connection with a VPC endpoint, you cannot access the cluster through the private domain name generated by that VPC endpoint.</p>
</li></ol>
</div>
<div class="section" id="css_01_0477__css_01_0412_section888248113611"><h4 class="sectiontitle">Disabling the VPC Endpoint Service</h4><div class="note" id="css_01_0477__css_01_0412_note939411217417"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_01_0477__css_01_0412_p18394192124112">After the VPC endpoint service is disabled, the cluster can no longer be accessed through the VPCEP IP address or a private domain name. If you disable the VPC endpoint service and then re-enable it, the VPCEP IP address or private domain name for accessing the cluster may change. Exercise caution.</p>
</div></div>
<ol id="css_01_0477__css_01_0412_ol1467346409"><li id="css_01_0477__css_01_0412_li1115115462408">Log in to the CSS management console.</li><li id="css_01_0477__css_01_0412_li4151846154013">Choose <strong id="css_01_0477__css_01_0412_b1240823453">Clusters</strong> in the navigation pane. On the <span class="wintitle" id="css_01_0477__css_01_0412_wintitle1314693802"><b>Clusters</b></span> page, click the name of the target cluster.</li><li id="css_01_0477__css_01_0412_li1715120463405">Choose <strong id="css_01_0477__css_01_0412_b20435249378187">VPC Endpoint Service</strong> in the navigation pane, and toggle off the button next to <strong id="css_01_0477__css_01_0412_b11019258158187">VPC Endpoint Service</strong>.</li></ol>
</div>
<div class="section" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_section19864153679"><h4 class="sectiontitle">Accessing a Cluster Using a Node IP Address or Private Domain Name</h4><ol id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_ol852205619137"><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li1580072410203">Obtain the cluster's private domain name or node IP address.<p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_p521042354410"><a name="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li1580072410203"></a><a name="css_01_0412_en-us_topic_0000001223434404_li1580072410203"></a>Log in to the CSS console, click the target cluster name and go to the <strong id="css_01_0477__css_01_0412_b410112560255">Cluster Information</strong> page. Click the <strong id="css_01_0477__css_01_0412_b01011456122514">VPC Endpoint Service</strong> tab and check the service address and private domain name.</p>
</li><li id="css_01_0477__css_01_0412_li093220521789">On an ECS, run a cURL command to access the cluster by calling an API.<div class="p" id="css_01_0477__css_01_0412_p585035313818"><a name="css_01_0477__css_01_0412_li093220521789"></a><a name="css_01_0412_li093220521789"></a>The ECS must meet the following requirements:<ul id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_ul1228819655613"><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li5679111965818">Sufficient disk space is allocated for the ECS.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li177641430191913">The ECS and the cluster must be in the same VPC. After enabling the VPC endpoint service, you can access the cluster from the ECS even when the cluster is not in the same VPC as the ECS.</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li17361956113515">The security group of the ECS must be the same as that of the cluster.<p id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_p1961118514013"><a name="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li17361956113515"></a><a name="css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li17361956113515"></a>If this requirement is not met, modify the ECS security group or configure the inbound and outbound rules of the ECS security group to allow the ECS security group to be accessed by all security groups of the cluster. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0030878383.html" target="_blank" rel="noopener noreferrer">Configuring Security Group Rules</a>.</p>
</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_en-us_topic_0076509577_li18615245439">Configure security group rule settings of the target CSS cluster. Set <strong id="css_01_0477__css_01_0412_b227371317517">Protocol</strong> to <strong id="css_01_0477__css_01_0412_b32861161257">TCP</strong> and <strong id="css_01_0477__css_01_0412_b18174121916516">Port Range</strong> to <strong id="css_01_0477__css_01_0412_b72700238517">9200</strong> or a port range including port <strong id="css_01_0477__css_01_0412_b149632712513">9200</strong> for both the outbound and inbound directions.</li></ul>
</div>
<ul id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_ul1488359135519"><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li20883590552">If the cluster you access does not have the security mode enabled, run the following command:<pre class="screen" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_screen128831696556">curl 'http://vpcep-7439f7f6-2c66-47d4-b5f3-790db4204b8d.region01.example.com:9200/_cat/indices'</pre>
</li><li id="css_01_0477__css_01_0412_li103891232184411">If the cluster you access has the security mode enabled and uses HTTP, access the cluster using HTTP and provide the username and password by using <strong id="css_01_0477__css_01_0412_b225354020549">-u</strong> in the cURL command.<pre class="screen" id="css_01_0477__css_01_0412_screen197274394516">curl -u username:password 'http:// vpcep-7439f7f6-2c66-47d4-b5f3-790db4204b8d.region01.example.com:9200/cat/indices'</pre>
</li><li id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_li0883995557">If the cluster you access has the security mode enabled and uses HTTPS, access the cluster using HTTPS and provide the username and password by using <strong id="css_01_0477__css_01_0412_b1550310915713">-u</strong> in the cURL command.<pre class="screen" id="css_01_0477__css_01_0412_en-us_topic_0000001223434404_screen28839945519">curl -u username:password -k 'https://vpcep-7439f7f6-2c66-47d4-b5f3-790db4204b8d.region01.example.com:9200/_cat/indices'</pre>
</li></ul>
</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0475.html">Configuring Networking for an OpenSearch Cluster</a></div>
</div>
</div>
View Git Blame Copy Permalink