AWS Backup for AWS Organizations IAM Configuration Issue
I am having issues setting up the required IAM access for cross-account backups. As I understand the requirements, there are four places to configure IAM access:
Source Account (management account) Backup Vault
Source Account (management account) Resource Assignment
Target Account Backup Vault
Target Account IAM access role
From the AWS Backup Developer Guide p162 I understand that the IAM roles in the Source and Target accounts, Backup Vaults, and the Backup Vault permissions need to match. I have the following configured:
Source Account Backup Vault Access – “Allow Access to Backup Vault from Organisation”
Source Account Resource Assignment – Role with default policy called “AWSBackupOrganizationAdminAccess”
Target Account Backup Vault Access - “Allow Access to Backup Vault from Organisation”
Target Account IAM access role - Role with default policy called “AWSBackupOrganizationAdminAccess”
I have followed the setup guide to enable cross account backups for my AWS organization.
When I run a backup job for an EC2 server in the target account I get the following error:
Your backup job failed as AWS Backup does not have permission to describe resource <aws ec2 arn>
I assume that somewhere I do not have the IAM access configured correctly. As there are four places where I can configure IAM access, how do I track down where the issue is?
I was able to rectify my issue using the following AWS blog: https://aws.amazon.com/blogs/storage/secure-data-recovery-with-cross-account-backup-and-cross-region-copy-using-aws-backup/
I was missing the AWSBackupServiceRolePolicyForBackup and AWSBackupServiceRolePolicyForRestores policies from my AWS Backup IAM role.
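Added example, not part of the original post: one way to check a backup role for the gap described in the answer, using the JSON printed by `aws iam get-role` and `aws iam list-attached-role-policies`. The role name and sample JSON are constructed, and the trust-policy check for `backup.amazonaws.com` is an extra check added here that the answer does not mention.

```python
import json

# Managed policies the answer above reports as missing from the AWS Backup role.
REQUIRED = {"AWSBackupServiceRolePolicyForBackup",
            "AWSBackupServiceRolePolicyForRestores"}

def as_list(value):
    # IAM JSON permits a bare string or object where a list is also valid.
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def trusts_backup(trust_doc):
    # True when an Allow statement lets backup.amazonaws.com assume the role.
    for stmt in as_list(trust_doc.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        if (stmt.get("Effect") == "Allow"
                and "sts:assumerole" in actions
                and "backup.amazonaws.com" in services):
            return True
    return False

def audit_role(get_role_json, attached_json):
    # Inputs are the JSON printed by `aws iam get-role` and
    # `aws iam list-attached-role-policies` for the role AWS Backup uses.
    role = json.loads(get_role_json)["Role"]
    attached = {p["PolicyName"] for p in json.loads(attached_json)["AttachedPolicies"]}
    findings = [f"missing managed policy: {name}" for name in sorted(REQUIRED - attached)]
    if not trusts_backup(role["AssumeRolePolicyDocument"]):
        findings.append("trust policy does not allow backup.amazonaws.com")
    return findings

# Constructed sample, trimmed to the fields read above: the role from the
# question, with only AWSBackupOrganizationAdminAccess attached.
SAMPLE_ROLE = json.dumps({"Role": {"RoleName": "ExampleBackupRole", "AssumeRolePolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "backup.amazonaws.com"}}]}}})
SAMPLE_ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "AWSBackupOrganizationAdminAccess"}]})

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE, SAMPLE_ATTACHED):
        print(finding)
```

Run the same check against the role in each account that AWS Backup assumes; an empty result means both managed policies are attached and the service can assume the role.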