check out this blog from aws in wich it is configured with iam-users. But it should be the same procedure with external accounts.
Also you should configure it as a bucket resource policy.
S3 permissions granted to other AWS accounts in bucket policies should be restrictedasked 6 months ago
Create User to Use S3 API with Restricted PermissionsAccepted Answerasked 7 months ago
S3 prefix-selective cross-account permissionsasked 10 days ago
S3 bucket permissions to run CloudFormation from different accounts and create Lambda Funtions.asked a year ago
What IAM Permissions are needed to do a CreateJob for S3 Batch?asked 4 years ago
S3 permissions STS assume role bucket to bucket copyAccepted Answerasked 5 years ago
S3 permissions for MediaTailorasked 3 years ago
How to control per user per account permissions with IAM identity center?asked 22 days ago
Access bucket s3 from a role on another accountasked a year ago
Trying to share an S3 bucket across accounts using 'aws:PrincipalOrgPaths', how to debug?asked 6 months ago