Automating source IP of OpenSearch using Boto3/Lambda

Every time our IPs change, I have to keep updating this policy to access Kibana. I thought I could automate this, but is there any way I can delete an existing policy and create a new one on Lambda? I'm unable to find anything on Boto3 regarding this.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:ap-south-1:xxxxxxxxxxx/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "xxxxxxxx",
            "xxxxxxx",
            "xxxxxxxxx",
            "xxxxxxxxx"
          ]
        }
      }
    }
  ]
}


Solution 1:[1]

In boto3 you can use update_elasticsearch_domain_config, which has the option AccessPolicies. So basically you have to overwrite the entire policy. You can't just modify the IP addresses directly.
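
The read-modify-write this implies, as an added example that is not part of the original question or answer: it reads the current policy, swaps only the aws:SourceIp list, and writes the whole document back. The helper names, the `MIN_PREFIX` limit, and the `domain`/`ips` event keys are assumptions made for illustration.

```python
import ipaddress
import json

MIN_PREFIX = 24  # assumption: refuse any IPv4 range broader than a /24


def normalize_ips(ips):
    """Validate and canonicalize source addresses, rejecting broad ranges."""
    allowed = set()
    for ip in ips:
        net = ipaddress.ip_network(ip.strip(), strict=False)
        if net.version != 4 or net.prefixlen < MIN_PREFIX:
            raise ValueError(f"refusing source range {net}")
        allowed.add(str(net))
    return sorted(allowed)


def with_source_ips(policy_json, ips):
    """Replace every aws:SourceIp list; all other policy fields stay as they are."""
    policy = json.loads(policy_json)
    allowed = normalize_ips(ips)
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may not be wrapped in a list
        statements = [statements]
    touched = 0
    for stmt in statements:
        cond = stmt.get("Condition", {}).get("IpAddress", {})
        if "aws:SourceIp" in cond:
            cond["aws:SourceIp"] = allowed
            touched += 1
    if not touched:
        raise ValueError("no statement carries an aws:SourceIp condition")
    return json.dumps(policy)


def sync_access_policy(es, domain, ips):
    """Read-modify-write the domain policy; True means an update was sent."""
    config = es.describe_elasticsearch_domain_config(DomainName=domain)
    current = config["DomainConfig"]["AccessPolicies"]["Options"]
    updated = with_source_ips(current, ips)
    if json.loads(updated) == json.loads(current):
        return False  # nothing changed, skip the domain config update
    es.update_elasticsearch_domain_config(DomainName=domain, AccessPolicies=updated)
    return True


def lambda_handler(event, context):
    import boto3  # imported here so the helpers above can be tested offline
    return {"updated": sync_access_policy(boto3.client("es"), event["domain"], event["ips"])}
```

The Lambda execution role only needs es:DescribeElasticsearchDomainConfig and es:UpdateElasticsearchDomainConfig on the one domain. Because the policy pairs a wildcard principal with es:*, the IP list is the only gate, which is why the range validation runs before anything is written.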

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Marcin