IAM Permission issue

Hi, During Prepare step in deployment in our pipeline, we are getting the following permission error. Pipeline is part of root account and the stage that we try to deploy is another account. Both is linked in AWS Organizations and IAM Identity Center.

User: arn:aws:sts::730335647464:assumed-role/cdk-hnb659fds-deploy-role-730335647464-ap-south-1/1714469899562 is not authorized to perform: kms:Decrypt 
on the resource associated with this ciphertext because the resource does not exist in this Region, no resource-based policies allow access, or a resource-based policy explicitly 
denies access (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID: R5ETGAG98E7SFM4V; S3 Extended Request ID: 
6i0h03zjDJoA+2sytSKLJT3TKCSSiRkTPCvc8/H8a439M6XyeCE36ZCiEfFwF67iqOIfIWH1Td4=; Proxy: null)

Policy attached to --- cdk-hnb659fds-deploy-role-730335647464-ap-south-1

{
"Version": "2012-10-17",
"Statement": [
    {
        "Action": [
            "cloudformation:CreateChangeSet",
            "cloudformation:DeleteChangeSet",
            "cloudformation:DescribeChangeSet",
            "cloudformation:DescribeStacks",
            "cloudformation:ExecuteChangeSet",
            "cloudformation:CreateStack",
            "cloudformation:UpdateStack"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "CloudFormationPermissions"
    },
    {
        "Condition": {
            "StringNotEquals": {
                "s3:ResourceAccount": "730335647464"
            }
        },
        "Action": [
            "s3:GetObject*",
            "s3:GetBucket*",
            "s3:List*",
            "s3:Abort*",
            "s3:DeleteObject*",
            "s3:PutObject*"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "PipelineCrossAccountArtifactsBucket"
    },
    {
        "Condition": {
            "StringEquals": {
                "kms:ViaService": "s3.ap-south-1.amazonaws.com"
            }
        },
        "Action": [
            "kms:Decrypt",
            "kms:DescribeKey",
            "kms:Encrypt",
            "kms:ReEncrypt*",
            "kms:GenerateDataKey*"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "PipelineCrossAccountArtifactsKey"
    },
    {
        "Action": "iam:PassRole",
        "Resource": "arn:aws:iam::730335647464:role/cdk-hnb659fds-cfn-exec-role-730335647464-ap-south-1",
        "Effect": "Allow"
    },
    {
        "Action": [
            "cloudformation:DescribeStackEvents",
            "cloudformation:GetTemplate",
            "cloudformation:DeleteStack",
            "cloudformation:UpdateTerminationProtection",
            "sts:GetCallerIdentity",
            "cloudformation:GetTemplateSummary"
        ],
        "Resource": "*",
        "Effect": "Allow",
        "Sid": "CliPermissions"
    },
    {
        "Action": [
            "s3:GetObject*",
            "s3:GetBucket*",
            "s3:List*"
        ],
        "Resource": [
            "arn:aws:s3:::cdk-hnb659fds-assets-730335647464-ap-south-1",
            "arn:aws:s3:::cdk-hnb659fds-assets-730335647464-ap-south-1/*"
        ],
        "Effect": "Allow",
        "Sid": "CliStagingBucket"
    },
    {
        "Action": [
            "ssm:GetParameter"
        ],
        "Resource": [
            "arn:aws:ssm:ap-south-1:730335647464:parameter/cdk-bootstrap/hnb659fds/version"
        ],
        "Effect": "Allow",
        "Sid": "ReadVersion"
    }
]
}

Trust Relationship:

{
"Version": "2008-10-17",
"Statement": [
    {
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::730335647464:root"
        },
        "Action": "sts:AssumeRole"
    },
    {
        "Effect": "Allow",
        "Principal": {
            "AWS": "arn:aws:iam::134514717601:root"
        },
        "Action": "sts:AssumeRole"
    }
]
}