OpenSearch is a fork of Elasticsearch and Kibana. Open source versions of these products were previously hosted by AWS and, over time, became an enticing alternative. This competition was legal and permitted by the license at the time, which prompted Elastic to change the license, as described on the following page:
https://www.elastic.co/pricing/faq/licensing
Since new versions of Elastic's stack could no longer be used in the same fashion, AWS forked both projects in order to continue offering the services.
Terraform can be used to create resources on the OpenSearch service. An example resource is aws_opensearchserverless_collection:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_collection
This resource is serverless and provides an endpoint that can be accessed via the opensearch provider:
https://registry.terraform.io/providers/opensearch-project/opensearch/latest/docs
It's worth mentioning that the opensearch provider is created by a third party and is not supported by HashiCorp.
This provider connects to the endpoint created for an AWS OpenSearch collection. The security model allows the end user to restrict service access so that only specific AWS identities can reach the data.
The issue arises when the IAM identity used to create resources via Terraform differs from the one used in the AWS Console. Such a mismatch requires access for the other identities, such as roles or users, to be explicitly allowed.
The current implementation results in a number of indexes being shown as - in the web interface, and the error e.map is not a function being presented under the Indexes tab. Despite being ambiguous, these errors are a direct result of the access policy, not a problem with Terraform or how it deploys resources. This issue can be rectified by amending the access policy to add additional principals:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/opensearchserverless_access_policy.
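As an added example (not code from the original post), the following data access policy grants both the Terraform deployment identity and the console identities access to one collection, with the console identities limited to describe and read permissions. The collection name and every ARN are placeholders, and the collection itself and its encryption policy are assumed to be defined elsewhere in the same configuration.

```hcl
locals {
  collection_name     = "example-collection" # assumed: existing collection name
  terraform_principal = "arn:aws:iam::123456789012:role/TerraformDeployRole"
  console_principals = [ # placeholder ARNs of identities used in the AWS Console
    "arn:aws:iam::123456789012:role/ConsoleAdminRole",
    "arn:aws:iam::123456789012:user/analyst",
  ]
}

# Two statements: the deploying identity keeps full control, console identities
# only get describe/read rights. Principals must be IAM user or role ARNs, not
# STS assumed-role session ARNs, or the console will still be denied access.
resource "aws_opensearchserverless_access_policy" "data" {
  name        = "${local.collection_name}-data-access"
  type        = "data"
  description = "Grant Terraform and console identities access to ${local.collection_name}"
  policy = jsonencode([
    {
      Principal = [local.terraform_principal]
      Rules = [
        {
          ResourceType = "collection"
          Resource     = ["collection/${local.collection_name}"]
          Permission   = ["aoss:*"]
        },
        {
          ResourceType = "index"
          Resource     = ["index/${local.collection_name}/*"]
          Permission   = ["aoss:*"]
        },
      ]
    },
    {
      Principal = local.console_principals
      Rules = [
        {
          ResourceType = "collection"
          Resource     = ["collection/${local.collection_name}"]
          Permission   = ["aoss:DescribeCollectionItems"]
        },
        {
          ResourceType = "index"
          Resource     = ["index/${local.collection_name}/*"]
          Permission   = ["aoss:DescribeIndex", "aoss:ReadDocument"]
        },
      ]
    },
  ])
}
```

After applying, the Indexes tab should list the collection's indexes for every principal named in the policy instead of showing - and the e.map error.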
All principals that access the resources via the AWS Console must be granted access; otherwise the service will behave in the way captured by the following screenshots.