Updating Cluster Security Mode to Enforcing

When you create a new OpenSearch cluster in the Console, the cluster's security mode is set to enforcing. Enforcing security mode is required for several Search with OpenSearch security-related features, such as role-based access control, OpenID Connect, and multi-tenancy.

For existing clusters created before February 2023, and new clusters not created in the Console, if you're not sure whether the security mode is set to enforcing, see Verify Security Mode for how to check the cluster's security mode. If the cluster's security mode is not set to enforcing, perform the steps described in this topic to update the security mode.
  • Caution

    After you set your cluster's security mode to enforcing, you can't revert it to permissive.
    1. Open the navigation menu and click Databases. Under OpenSearch, click Clusters.

    2. In the Clusters list, click the name of the cluster whose security mode you want to change to enforcing.

    3. On the Security Information tab, select ENFORCING for Mode.

    4. (Optional) To change the password for the primary account, specify a new value in the Password field, and then re-enter it in Confirm Password.

    5. Click Save changes.

  • Use the oci opensearch cluster update command and required parameters to update the security mode for a cluster:

    oci opensearch cluster update --opensearch-cluster-id cluster_ocid --display-name cluster_name --security-mode security_mode [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

    Run the UpdateOpensearchCluster operation to update a cluster's security mode to ENFORCING.
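
The CLI procedure above, wrapped in a guard that reads the current mode first and refuses the irreversible switch without explicit confirmation. This is an added example, not Oracle's code. It assumes a configured OCI CLI and that `cluster get` reports the mode under `data."security-mode"`; the `--yes-irreversible` token and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the OCI documentation).
# Assumption: `oci opensearch cluster get` returns the mode as
# data."security-mode"; --query and --raw-output are OCI CLI global options.

# Print the cluster's current security mode (for example PERMISSIVE or ENFORCING).
current_security_mode() {
  oci opensearch cluster get --opensearch-cluster-id "$1" \
    --query 'data."security-mode"' --raw-output
}

# Switch a cluster to ENFORCING only when needed and only when confirmed,
# because the change cannot be reverted to permissive.
# Usage: enforce_security_mode <cluster_ocid> <display_name> [--yes-irreversible]
# The confirmation token is hypothetical, defined by this script only.
enforce_security_mode() {
  local ocid="$1"
  local name="$2"
  local confirm="${3:-}"
  local mode

  mode="$(current_security_mode "$ocid")" || { echo "mode lookup failed" >&2; return 2; }
  [ -n "$mode" ] || { echo "empty mode returned" >&2; return 2; }

  if [ "$mode" = "ENFORCING" ]; then
    echo "already ENFORCING; nothing to do"
    return 0
  fi

  if [ "$confirm" != "--yes-irreversible" ]; then
    echo "mode is $mode; pass --yes-irreversible to switch to ENFORCING" >&2
    return 3
  fi

  # Same command shape as shown on this page.
  oci opensearch cluster update --opensearch-cluster-id "$ocid" \
    --display-name "$name" --security-mode ENFORCING
}
```

Source the file and call `enforce_security_mode cluster_ocid cluster_name --yes-irreversible`; without the final argument the function only reports the current mode and exits with status 3.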