You have missed a step: setting the trust relationship on the roles created in the first step.
Why? Because no matter what privileges the user has, if the trust relationship is not set, STS will refuse the request. Here you can read how exactly it works.
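To check the trust-relationship side before calling STS, the following is an added example (not part of the original answer) that tests whether a role's trust policy names a given caller for `sts:AssumeRole`. The account ID 111122223333, the user names and the function names are constructed for illustration, and the check is simplified: it ignores `Condition`, `NotPrincipal`, `NotAction` and partial wildcards.

```python
import json

# Constructed sample trust policy; account ID and user name are placeholders.
TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/alice"},
    "Action": "sts:AssumeRole"
  }]
}
""")

def _as_list(value):
    """IAM accepts a single string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, caller_arn):
    """True if the Principal element names the caller, its account, or everyone."""
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    account = caller_arn.split(":")[4]
    for entry in _as_list(principal.get("AWS")):
        # A bare account ID and the :root ARN both refer to the whole account.
        if entry in ("*", caller_arn, account, f"arn:aws:iam::{account}:root"):
            return True
    return False

def trust_allows(policy, caller_arn, action="sts:AssumeRole"):
    """Simplified trust check: an explicit Deny wins, otherwise an Allow must match.
    Ignores Condition, NotPrincipal, NotAction and partial wildcards."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in (action.lower(), "sts:*", "*") for a in actions):
            continue
        if not _principal_matches(stmt.get("Principal", {}), caller_arn):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed
```

A `False` result here means the role does not trust the caller, so the request is refused regardless of what the caller's own policies allow.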