Using basicauth to register snapshot in opensearch

0

Hi,

I've created an OpenSearch cluster with basic auth, and I'm trying to now register an S3 bucket for manual snapshots.

I have created a role (TheSnapshotRole) and then logged into the opensearch dashboard -> security -> internal users -> (my admin user) -> Backend roles and added the TheSnapshotRole for the.

But when I run a Python script to call it, I'm erroring. Presuming this is down to the iam:PassRole needed, but not sure how to overcome it?

Asked 2 years ago, viewed 666 times
2 answers
2

I have created a role (TheSnapshotRole) and then logged into the opensearch dashboard -> security -> internal users -> (my admin user) -> Backend roles and added the TheSnapshotRole for the.

TheSnapshotRole is not to be assigned to the OpenSearch admin user. There are some subtle differences between OpenSearch users and AWS IAM users and policy assignments, which sometimes creates confusion :)

Using this document as reference:

  1. You have created TheSnapshotRole which is fine (IAM role row in Prereq section)
  2. Assign the policies mentioned in the Permissions row of the Prereq section of the document to a non-admin IAM user. Better to create an IAM user specific for this purpose on the basis of providing least privileges, since it would be used in the next step. (The document states you can use a role ARN also, but I have not tried that, so I stick with recommending an IAM user.)
  3. Specify this IAM user's ARN (user created in previous step) in Opensearch dashboard -> security -> Roles -> manage_snapshots -> Mapped users -> Manage Mapping -> Users section.
  4. Make the necessary substitutions to the Python script and run the script with the AWS creds of the IAM user created in the previous step to register the S3 repository.
  5. You have an admin OpenSearch user which you use to log in to the OpenSearch dashboard and manage creation of snapshots (actual backups), but this user is not used to create the S3 repository for snapshots.

--Syd

Syd
Answered 2 years ago
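The registration call from step 4, as an added example written for this thread (not Syd's script and not the AWS document's own code): it builds the SigV4-signed PUT to `_snapshot/<repo>` with only the Python standard library in place of a third-party signing library, and leaves the actual send to the caller. The endpoint, bucket, role ARN and access keys it takes are placeholders; the keys must belong to the IAM user mapped under manage_snapshots in step 3, not to the internal basic-auth admin user.

```python
import datetime
import hashlib
import hmac
import json
from urllib.parse import urlparse


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def build_register_request(endpoint, repo, bucket, role_arn, region,
                           access_key, secret_key, now=None):
    """Return (url, headers, body) for a SigV4-signed PUT /_snapshot/<repo>.

    The body carries role_arn: the domain assumes that role to reach the
    bucket, which is why the signing IAM identity needs iam:PassRole on it.
    Signing uses the IAM user's keys, not the internal basic-auth user.
    """
    body = json.dumps({"type": "s3", "settings": {
        "bucket": bucket, "region": region, "role_arn": role_arn}})
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date, date_stamp = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    host, path = urlparse(endpoint).netloc, f"/_snapshot/{repo}"
    payload_hash = hashlib.sha256(body.encode("utf-8")).hexdigest()
    # Headers that take part in the signature (lowercase names, sorted).
    headers = {"host": host, "x-amz-date": amz_date,
               "x-amz-content-sha256": payload_hash,
               "content-type": "application/json"}
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join(f"{k}:{headers[k]}\n" for k in sorted(headers))
    canonical_request = "\n".join(["PUT", path, "", canonical_headers,
                                   signed_headers, payload_hash])
    scope = f"{date_stamp}/{region}/es/aws4_request"  # service name is "es"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Derive the signing key: secret -> date -> region -> service -> aws4_request
    k_date = _hmac(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    signing_key = _hmac(_hmac(_hmac(k_date, region), "es"), "aws4_request")
    signature = hmac.new(signing_key, string_to_sign.encode("utf-8"),
                         hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return endpoint.rstrip("/") + path, headers, body
```

Send the result with `requests.put(url, data=body, headers=headers)` (placeholder values substituted); an HTTP 403 on this call usually means the signing identity is missing iam:PassRole on the role or is not mapped to manage_snapshots.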
0

Thanks a lot, I'm lucky to find this post!
Point 3 is important: pasting the ARN "arn:aws:iam::90****:user/***" as the user succeeded; it failed when using the internal username.

steve
Answered 3 months ago
