Updating Cluster Security Mode to Enforcing
When you create an new OpenSearch cluster in the Console, the cluster's security mode is set to enforcing. Enforcing security mode is required for several Search with OpenSearch security related features, such as role-based access control, OpenID connect, and multi-tenancy.
For existing clusters created before February 2023, and new clusters not created in the Console, if you're not sure if the security mode is set to enforcing, see Verify Security Mode for how to check the security mode for the cluster. If the cluster's security mode is not set to enforcing, perform the steps described in this topic to update the security mode.
- Caution
After you set your cluster's security mode to enforcing, you can't revert it back to permissive.- On the Clusters list page, find the cluster that you want to work with. If you need help finding the list page or the cluster, see Listing OpenSearch Clusters.
- In the Clusters list, select the name of the cluster you want to change the security mode to enforcing for.
- On the Security Information tab, select ENFORCING for Mode.
- (Optional) To change the password for the primary account, specify a new value in the Password field, and then re-enter it in Confirm Password.
- Select Save changes.
Use the oci opensearch cluster update command and required parameters to update a cluster's security mode to
ENFORCING:oci opensearch cluster update --opensearch-cluster-id cluster_ocid --display-name cluster_name --security-mode security_mode [OPTIONS]For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
Run the UpdateOpensearchCluster operation to update a cluster's security mode to
ENFORCING.