Designing centralized and distributed network connectivity patterns for Amazon OpenSearch Serverless – Part 2
Big Data Blog
This article presents Part 2 of a series on hybrid multi-account access patterns for Amazon OpenSearch Serverless, focusing on distributed architectures where multiple business units independently manage their own collections and VPC endpoints across separate AWS accounts.
- Centralized DNS management via custom private hosted zone (PHZ) in networking account
- CNAME records map collection endpoints to each business unit's VPC endpoint
- Route 53 Profiles shared through AWS RAM enable spoke and on-premises access
- Pattern 1: On-premises clients access collections across multiple business unit accounts
- Pattern 2: Spoke account compute resources access collections across business units
- Each business unit maintains autonomous ownership of collections and infrastructure
- DNS resolution flows through Route 53 Resolver inbound endpoints and Transit Gateway
- Networking team manually maintains custom PHZ when new collections are added
- Avoids DNS fragmentation and coordination overhead across multiple accounts
This distributed model provides business unit autonomy while maintaining centralized DNS management and connectivity for OpenSearch Serverless collections across multi-account environments.
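Because the custom PHZ is maintained by hand, it can drift from the collections the business units actually run. The following added example (not from the original article) audits an exported record list against an inventory of collections and reports missing, unexpected, and mis-targeted CNAMEs. The field names, hostnames, and account IDs are constructed placeholders and do not reflect the service's real naming.

```python
# Added example: drift audit for a manually maintained custom PHZ.
# Every hostname and account ID here is a constructed placeholder.

def norm(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().rstrip(".").lower()

def audit_phz(collections, phz_records):
    """Return sorted (finding, record_name, detail) tuples for PHZ drift."""
    expected = {norm(c["endpoint"]): c for c in collections}
    seen, findings = set(), []
    for r in phz_records:
        name, value = norm(r["name"]), norm(r["value"])
        if name not in expected:
            # Record for a collection that is no longer in the inventory.
            findings.append(("UNEXPECTED", name, value))
        elif name in seen:
            findings.append(("DUPLICATE", name, value))
        else:
            seen.add(name)
            want = norm(expected[name]["vpce_dns"])
            if r["type"].upper() != "CNAME":
                findings.append(("WRONG_TYPE", name, r["type"]))
            elif value != want:
                # Resolves to an endpoint other than the one inventoried.
                findings.append(("WRONG_TARGET", name, f"{value} != {want}"))
    for name, c in expected.items():
        if name not in seen:
            findings.append(("MISSING", name, f"owner {c['owner']}"))
    return sorted(findings)

COLLECTIONS = [  # constructed inventory gathered from the business units
    {"endpoint": "collection-a.aoss.example", "vpce_dns": "vpce-bu1.example", "owner": "111111111111"},
    {"endpoint": "collection-b.aoss.example", "vpce_dns": "vpce-bu2.example", "owner": "222222222222"},
    {"endpoint": "collection-c.aoss.example", "vpce_dns": "vpce-bu2.example", "owner": "222222222222"},
]
PHZ_RECORDS = [  # constructed export of the networking account's custom PHZ
    {"name": "Collection-A.aoss.example.", "type": "CNAME", "value": "vpce-bu1.example."},
    {"name": "collection-b.aoss.example.", "type": "CNAME", "value": "vpce-bu1.example."},
    {"name": "collection-old.aoss.example.", "type": "CNAME", "value": "vpce-bu3.example."},
]

if __name__ == "__main__":
    for finding in audit_phz(COLLECTIONS, PHZ_RECORDS):
        print(*finding, sep="\t")
```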