# OpenSearch

## Prerequisites

* You are an admin to the OpenSearch domain/collection.
* The OpenSearch instances are network accessible to the environment in which Teleskope is deployed.

## Supported Authentication Methods

1. Username / Password (Basic Auth)
2. AWS IAM

***

{% stepper %}
{% step %}
**Create OpenSearch users**

**Option 1: Basic Auth**

1. Create a user in OpenSearch (Settings → Security → Internal Users):
   1. Username: `teleskope_ro`
   2. Password: `{secure_password}`
2. Assign the new user to a role
   1. The existing role `readall` has the appropriate permissions.
   2. To scope down by index, create a custom role with index filters, and apply the cluster permissions `cluster_composite_ops_ro` .
   3. Go to mapped users, and add the new internal user.

**Option 2: IAM Auth**

1. See [aws](https://docs.teleskope.ai/connectors/aws "mention"), and add the Teleskope role to the target accounts if it does not exist.
2. Attach the **`AmazonOpenSearchServiceReadOnlyAccess`** IAM Policy to the role, or scope it down to select resources:

   ```
   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
             "es:Describe*",
             "es:List*",
             "es:Get*"
         ],
         "Resource": "*"
       }
     ]
   }
   ```
3. Assign the **backend user** a role in OpenSearch (Settings → Security → Roles):
   1. Edit `readall` or your custom permission.
   2. Go to mapped users, and add the backend role by ARN (e.g. `arn:aws:iam::{origin_aws_account_id}:role/system/TeleskopeRole` ).
      {% endstep %}

{% step %}
**Enroll OpenSearch in Teleskope**

1. Gather the following details for your OpenSearch instance:
   1. Endpoint
   2. Region
   3. Provider
2. Select the authentication method
3. Supply the credentials:
   1. **Basic Auth:** enter the username/password.
   2. **IAM Auth:** select the AWS account where the OpenSearch instance & IAM role belongs.
      {% endstep %}
      {% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.teleskope.ai/connectors/saas/opensearch.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.