Problem with generated IAM Roles

Hello! I’m working on a project where I need to set the Elastic Search Snapshot repository. I’m currently trying to set this through a lambda so that I can create snapshots as needed. I’ve got a full stack deploying properly with serverless currently but I’m having problems with the IAM roles and permissions.

I’ve been following this guide for the AWS specific portion

In my serverless.yml, I have the role defined with the trust relationship:

  Type: AWS::IAM::Role
    RoleName: 'project-name-${self:provider.stage}-es-snapshot-configurator-role'
      Version: "2012-10-17"
        - Effect: Allow
             - elastic search url
             - lambda url
           Action: sts:AssumeRole

And I’ve connected it to my lambda:

  handler: src/index.handler
  role: ESSnapshotConfiguratorRole
    - http:
        path: api/cases/create-repo
        method: POST

The problem is when I run this lambda, I’m getting a response that to me implies there is a problem with the IAM policies and the way they are set up.
response: {Message: User: arn:aws:sts::account-id:assumed-role/project-name-es-snapshot-configurator-role/project-name-createEsSnapshotRepo is not authorized to perform: iam:PassRole on resource: arn:aws:iam::281824550030:role/es-snapshot-configurator-role}

I’ve tried creating another role and having that role have an iam:PassRole for the snapshot-configurator-role, but that just results in the failure complaining about not being able to PassRole with the new role name instead.

Kind of at a loss so any help or guidance would be greatly appreciated!