Amazon OpenSearch Serverless
This page describes how to configure Amazon OpenSearch Serverless for Geoportal. The steps below outline the procedure for configuring Amazon API Gateway, Amazon Lambda and Amazon OpenSearch Serverless for the Geoportal Catalog UI.
To create your function using the Lambda console
- Navigate to the Lambda console at https://console.aws.amazon.com/lambda/home. On the left navigation pane, choose Functions.
- Select Create function.
- Configure the following fields:
  - Function name: opensearch-function
  - Runtime: Python 3.9
  - Architecture: x86_64

  Keep all other default options and choose Create function.
- In the Code source section of the function summary page, choose the Upload from dropdown and select .zip file. Select the zip file downloaded above and choose Save.
- The handler is the method in your function code that processes events. Under Runtime settings, choose Edit and change the handler name according to the name of the file in your deployment package where the Lambda function is located. Since your file is named opensearch-lambda.py, rename the handler to opensearch-lambda.lambda_handler. For more information, see Lambda function handler in Python.
Next, you need to configure the permissions in the OpenSearch Serverless data access policy to let the Lambda function access the collection.
- On the Lambda console, navigate to your function.
- On the Configuration tab, in the Permissions section, under Execution role, copy the value for Role name.
- Add this role name as one of the principals of your collection's data access policy.

Principals can be AWS Identity and Access Management (IAM) users, role ARNs, or SAML identities. These principals must be within the current AWS account.
After you add the role name as a principal, you can see the role ARN updated in your rule, as shown in the screenshot below.
Now you can grant collection and index permissions to this principal.
For more details about data access policies, refer to Data access control for Amazon OpenSearch Serverless.
If you skip this step or do not complete it correctly, you will get permission errors, and your Lambda code won't be able to query the Geoportal catalog.
Edit the role of the Lambda function
- On the Lambda console, navigate to your function.
- On the Configuration tab, in the Permissions section, click Execution role.
- Open Permission Policies.

Add the permission below:
```json
{
  "Sid": "VisualEditor0",
  "Effect": "Allow",
  "Action": [
    "aoss:DashboardsAccessAll",
    "aoss:APIAccessAll"
  ],
  "Resource": "*"
}
```
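A check for the two policies configured above, as an added example that is not part of the Geoportal project: it flags `aoss` actions granted on `Resource: "*"` in the IAM statement and verifies that a data access policy names the Lambda execution role, keeps principals inside the account and avoids wildcard permissions. The account ID, role ARN, collection name `geoportal` and the sample data access policy are constructed placeholders.

```python
import re

# Constructed placeholders (assumptions, not from the page): account ID,
# role path and the collection name "geoportal".
ACCOUNT_ID = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/service-role/opensearch-function-role-EXAMPLE"

# The IAM statement as the page gives it (Resource is a wildcard).
PAGE_IAM_STATEMENT = {
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ["aoss:DashboardsAccessAll", "aoss:APIAccessAll"], "Resource": "*",
}

# Constructed data access policy granting the Lambda role read-only access.
DATA_ACCESS_POLICY = [{
    "Description": "Lambda read access to the Geoportal catalog (example)",
    "Rules": [
        {"ResourceType": "collection", "Resource": ["collection/geoportal"],
         "Permission": ["aoss:DescribeCollectionItems"]},
        {"ResourceType": "index", "Resource": ["index/geoportal/*"],
         "Permission": ["aoss:DescribeIndex", "aoss:ReadDocument"]},
    ],
    "Principal": [ROLE_ARN],
}]

def audit_iam_statement(stmt):
    """Flag aoss actions that an Allow statement grants on every resource."""
    to_list = lambda v: v if isinstance(v, list) else [v]
    if stmt.get("Effect") != "Allow" or "*" not in to_list(stmt.get("Resource", [])):
        return []
    return [f"{a} is allowed on Resource '*'" for a in to_list(stmt.get("Action", []))
            if a.lower().startswith("aoss:")]

def audit_data_access_policy(policy, account_id, role_arn):
    """Check the principals and permissions of a data access policy document."""
    findings = []
    for block in policy:
        principals = block.get("Principal", [])
        if role_arn not in principals:
            findings.append("Lambda execution role is not a principal")
        for p in principals:
            m = re.match(r"arn:aws:(?:iam|sts)::(\d{12}):", p)
            if m and m.group(1) != account_id:
                findings.append(f"principal outside account {account_id}: {p}")
        for rule in block.get("Rules", []):
            findings += [f"wildcard permission {perm} on {rule['ResourceType']}"
                         for perm in rule.get("Permission", []) if perm.endswith("*")]
    return findings
```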
- https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-application-load-balancer.html
- https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html
Note down the ALB URL and configure it in app-context.xml: <beans:property name="awsALBEndpoint" value=" " />