Can't it be OpenSearch set up for public access?
For internet user to access VPC based opensearch we did the following
- created alb in public subnet
- create r53 cname mapping with alb
- Create target group with IP based
- using event bridge (createNetworkInterface & DeleteNetworkInterface) & lambda(python) we were able to query the ENI's and update the IP's in Target group.
With the above approach internet users able to access the vpc based opensearch
Can you elaborate your solution here? were you able to automate this approach? specifically the Listeners and rules that need to be setup, what health checks need to setup in TG?