Next.js with Amazon OpenSearch

A Next.js app showcasing Amazon OpenSearch Serverless

Amazon OpenSearch Serverless Demo

This demo uses Amazon OpenSearch Serverless with Next.js to showcase full-text recipe search with facets, highlighting, and autocomplete. It connects securely using AWS SigV4 authentication, with credentials obtained via Vercel OIDC — no static AWS keys required.

How auth works

The app uses @vercel/oidc to read Vercel's short-lived OIDC token and exchanges it for AWS credentials via STS AssumeRoleWithWebIdentity (fromWebToken in the AWS SDK). On Vercel, VERCEL_OIDC_TOKEN is injected automatically; locally, vercel env pull writes one valid for ~12 hours.

Requirements

An Amazon OpenSearch Serverless Search collection
An IAM role whose trust policy allows Vercel's OIDC issuer (https://oidc.vercel.com/<team-slug>) and whose policy grants aoss:APIAccessAll on the collection. The Vercel AWS OpenSearch integration creates this role automatically and exposes it as the env vars below.
Node.js 18+

Environment variables

Provisioned automatically when you install the Vercel AWS OpenSearch integration. After vercel env pull .env.local you should see:

Variable	Purpose
`OPENSEARCH_ENDPOINT`	Search collection endpoint
`AWS_REGION`	Region of the search collection
`AWS_ROLE_ARN`	IAM role with access to the search collection
`VERCEL_OIDC_TOKEN`	Short-lived Vercel OIDC token (auto-injected on Vercel; written locally by `vercel env pull`)

Configure the IAM role trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Federated": "arn:aws:iam::<account-id>:oidc-provider/oidc.vercel.com/<team-slug>" },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.vercel.com/<team-slug>:aud": "https://vercel.com/<team-slug>"
        }
      }
    }
  ]
}

Local Setup

Install dependencies:

npm install

Link the project and pull env vars (this provisions VERCEL_OIDC_TOKEN):

vercel link
vercel env pull .env.local

Seed the recipe index:

npm run seed

Start the development server:

npm run dev

View local development: http://localhost:3000

The local OIDC token expires after ~12 hours. If you see AWS auth errors mid-session, re-run vercel env pull .env.local --yes.

Learn More

GitHub

Ownervercel

Repositoryaws-opensearch-demo

Use Cases

Starter

Stack

Next.js

Tailwind

Related Templates

Next.js with Amazon OpenSearch

A Next.js app showcasing Amazon OpenSearch Serverless

Deploy View Demo

DeployView Demo

Amazon OpenSearch Serverless Demo

How auth works

Requirements

An Amazon OpenSearch Serverless Search collection
An IAM role whose trust policy allows Vercel's OIDC issuer (https://oidc.vercel.com/<team-slug>) and whose policy grants aoss:APIAccessAll on the collection. The Vercel AWS OpenSearch integration creates this role automatically and exposes it as the env vars below.
Node.js 18+

Environment variables

Provisioned automatically when you install the Vercel AWS OpenSearch integration. After vercel env pull .env.local you should see:

Variable	Purpose
`OPENSEARCH_ENDPOINT`	Search collection endpoint
`AWS_REGION`	Region of the search collection
`AWS_ROLE_ARN`	IAM role with access to the search collection
`VERCEL_OIDC_TOKEN`	Short-lived Vercel OIDC token (auto-injected on Vercel; written locally by `vercel env pull`)

Configure the IAM role trust policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Federated": "arn:aws:iam::<account-id>:oidc-provider/oidc.vercel.com/<team-slug>" },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.vercel.com/<team-slug>:aud": "https://vercel.com/<team-slug>"
        }
      }
    }
  ]
}

Local Setup

Install dependencies:

npm install

Link the project and pull env vars (this provisions VERCEL_OIDC_TOKEN):

vercel link
vercel env pull .env.local

Seed the recipe index:

npm run seed

Start the development server:

npm run dev

View local development: http://localhost:3000

The local OIDC token expires after ~12 hours. If you see AWS auth errors mid-session, re-run vercel env pull .env.local --yes.

Learn More

GitHub

Ownervercel

Repositoryaws-opensearch-demo

Use Cases

Starter

Stack

Next.js

Tailwind

Related Templates

Next.js Boilerplate

Get started with Next.js and React in seconds.

Image Gallery Starter

An image gallery built on Next.js and Vercel Blob.

Chatbot

A full-featured, hackable Next.js AI chatbot built by Vercel

Next.js with Amazon OpenSearch

Amazon OpenSearch Serverless Demo

How auth works

Requirements

Environment variables

Configure the IAM role trust policy

Local Setup

Learn More

Related Templates

Next.js Boilerplate

Image Gallery Starter

Chatbot

Agent Stack

Core Platform

Tools

Learn

Build

Explore

Next.js with Amazon OpenSearch

Amazon OpenSearch Serverless Demo

How auth works

Requirements

Environment variables

Configure the IAM role trust policy

Local Setup

Learn More

Related Templates

Next.js Boilerplate

Image Gallery Starter

Chatbot

Agent Stack

Core Platform

Tools

Learn

Build

Explore