Can get Catalog data, but not orders data from Amazon Vendor Central

Question

I followed the setup docs from amazon, and am using boto3 to auth. Returning data from the catalog path works fine, however when trying the same methods on the orders path I'm getting a 403 Access Denied message without any details. I checked my roles in VC and Brand Analytics is set, I don't know why the auth is good for the catalog path, but not sales or orders.

/catalog/2020-12-01/items/{asin}?marketplaceIds=ATVPDKIKX0DER works fine on the below, substituting in /orders/v0/orders throws the permissions error. Hoping someone else has worked through the setup before and seen something like this.

import boto3
import datetime
from requests_auth_aws_sigv4 import AWSSigV4
import requests

amw_client = boto3.client(
    'sts',
    aws_access_key_id=access_key,
    aws_secret_access_key=secret_key
    )

res = amw_client.assume_role(
    RoleArn='arn:aws:iam::{id}:role/ARAReportingRole',
    RoleSessionName='{sessionname}'
)

Credentials = res["Credentials"]
AccessKeyId = Credentials["AccessKeyId"]
SecretAccessKey = Credentials["SecretAccessKey"]
SessionToken = Credentials["SessionToken"]


aws_auth = AWSSigV4('execute-api',
                    aws_access_key_id=AccessKeyId,
                    aws_secret_access_key=SecretAccessKey,
                    aws_session_token=SessionToken,
                    region='us-east-1'
                    )

#access_token is generated on the fly for testing, omitted here
headers = {
    'host': 'sellingpartnerapi-na.amazon.com',
    'user-agent': '{userAgent}',
    'x-amz-access-token': access_token,
    'x-amz-date': datetime.datetime.utcnow().strftime('%Y%m%dT%H%M%SZ')
}

request_url = 'https://sellingpartnerapi-na.amazon.com/orders/v0/orders?MarketplaceIds=ATVPDKIKX0DER'

resp = requests.get(request_url, auth=aws_auth, headers=headers)