This blogpost talks about the issue and solves it via UI.
However, I don’t have access to UI (see AWS-Hosted OpenSearch Cluster - OpenSearch Dashboards URL (VPC) Unavailable)
Also, I am deploying the cluster using CDK and would like to manage permissions in CDK too.