Failed to create Amazon OpenSearch Service subscription filterUser arnawssts925412301675assumed-roleAWSReservedSSO_AWSPowerUserAccess_6af6acbce53da99cyunhui is not authorized to perform iamPassRole on

The error message indicates that the IAM user or role "arn:aws:sts::925412301675:assumed-role/AWSReservedSSO_AWSPowerUserAccess_6af6acbce53da99c/yunhui" does not have the necessary permissions to perform the "iam:PassRole" action on the IAM role "arn:aws:iam::925412301675:role/twitter-qat-us-east-1-lambdaRole".

To resolve this issue, you need to update the IAM policy associated with the user or role to include the necessary permissions. Specifically, you need to grant the "iam:PassRole" action on the target IAM role "arn:aws:iam::925412301675:role/twitter-qat-us-east-1-lambdaRole".

Here's an example of a policy that grants the "iam:PassRole" action on the target IAM role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPassRole",
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "arn:aws:iam::925412301675:role/twitter-qat-us-east-1-lambdaRole"
        }
    ]
}

Make sure to attach this policy to the user or role "arn:aws:sts::925412301675:assumed-role/AWSReservedSSO_AWSPowerUserAccess_6af6acbce53da99c/yunhui" or update the existing policy to include the "iam:PassRole" action with the appropriate resource ARN.

Note: The policy should be adjusted based on your specific requirements and should not grant any unnecessary permissions