I created an AWS OpenSearch cluster with fine-grained access control and a master user & password. I use basic authentication to issue REST requests for the security plugin (_plugins/security/api). Some of the operations I do include creating a user and a backend role as well as rotating user passwords and auto-following a leader index.
Is it possible to use a different authentication mechanism for the security plugin and still accomplish the same tasks?
Seems you can also use AWS Signature Version 4 instead of HTTP basic authentication (link).
If you choose the internal user database, you can use HTTP basic authentication (as well as IAM credentials) to make requests to the cluster. Most clients support basic authentication, including curl, which also supports AWS Signature Version 4 with the --aws-sigv4 option.
Also refer to this link to curl manpage for using aws-sigv4 option.