Lambda to register manual snapshot repository

Does this help? https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-snapshots.html#managedomains-snapshot-client-python

Hi,

Not sure what happened there, half my question got removed!

I am basing my lambda function on that code, and run the lambda via a role that has the iam:Passrole / ESHttpPut attached to it, How do i update the example script for using a role instead of a user?

Ie: update the below 2 lines to work with a role instead of user

credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(credentials.access_key, credentials.secret_key, region, service, session_token=credentials.token)

im looking at the boto3 docs and not seeing an option, but might be in the wrong place?!

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html

Any help greatly appreciated

If i just create a new IAM user with the IAM:PassRole setup it errors below, which looks like it needs opensearch access (aka has to be a cognito user!) But i dont understand how i could can set up a cognito user to have the specific policy? or how i you would have to re-write that script to run via cognito user?

403
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:admin/repository/put] and User [name=arn:aws:iam::11111:user/manual-snapshot-reg, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:admin/repository/put] and User [name=arn:aws:iam::11111:user/manual-snapshot-reg, backend_roles=[], requestedTenant=null]"},"status":403}