By default, Amazon OpenSearch and OpenSearch Dashboards are configured to be reachable only from inside your VPC. Instead of connecting through a bastion instance, is it possible to use AWS Systems Manager to reach your domain?
The answer to this question is yes! You can simply use the following command to open a port forwarding session between your computer and your OpenSearch domain, where INSTANCE_ID is an instance managed by Systems Manager that can reach the domain from inside the VPC:
aws ssm start-session --target INSTANCE_ID \
--document-name AWS-StartPortForwardingSessionToRemoteHost \
--parameters '{"host":["OPENSEARCH_DOMAIN.AWS_REGION.es.amazonaws.com"],"portNumber":["443"], "localPortNumber":["9200"]}'
You should then see something like this:
Starting session with SessionId: 1686678705732034000-0b24bf8500a2a5362
Port 9200 opened for sessionId 1686678705732034000-0b24bf8500a2a5362.
Waiting for connections...
You can now connect to OpenSearch Dashboards via https://localhost:9200/_dashboards
(you will have to bypass the SSL validation warning, because the certificate is issued for the domain endpoint and not for localhost)!
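For scripted access the validation does not have to be bypassed. The following is an added example, not part of the original post: it opens the TCP connection to the local end of the tunnel but validates the certificate against the real endpoint name. ENDPOINT reuses the placeholder from the command above, and the function names are this example's own.

```python
import http.client
import socket
import ssl

# Placeholders from the command above; substitute your own values.
ENDPOINT = "OPENSEARCH_DOMAIN.AWS_REGION.es.amazonaws.com"
LOCAL_PORT = 9200


def verified_context() -> ssl.SSLContext:
    """Default client context: CA chain and hostname are both checked."""
    ctx = ssl.create_default_context()
    return ctx


def connect_via_tunnel(endpoint, local_port=LOCAL_PORT, timeout=10.0):
    """TCP to the local tunnel end, TLS validated against the real endpoint name."""
    raw = socket.create_connection(("127.0.0.1", local_port), timeout=timeout)
    try:
        # server_hostname sets SNI and is the name the certificate must match.
        tls = verified_context().wrap_socket(raw, server_hostname=endpoint)
    except Exception:
        raw.close()
        raise
    conn = http.client.HTTPSConnection(endpoint, local_port, timeout=timeout)
    conn.sock = tls  # http.client reuses a preset socket instead of dialing out
    return conn


def get_status(endpoint, path="/", local_port=LOCAL_PORT):
    """Send one GET through the tunnel and return the HTTP status code."""
    conn = connect_via_tunnel(endpoint, local_port)
    try:
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", endpoint)  # keep the local port out of Host
        conn.endheaders()
        return conn.getresponse().status
    finally:
        conn.close()


if __name__ == "__main__":
    try:
        print("HTTP status:", get_status(ENDPOINT))
    except ssl.SSLCertVerificationError as exc:
        print("certificate rejected:", exc.verify_message)
    except OSError as exc:
        print("tunnel not reachable:", exc)
```

Run it while the port forwarding session is open; a certificate error here means the tunnel is not terminating at the endpoint you named.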