check out this blog from aws in wich it is configured with iam-users. But it should be the same procedure with external accounts.
Also you should configure it as a bucket resource policy.
S3 permissions STS assume role bucket to bucket copyAccepted Answerasked 5 years ago
S3 permissions for MediaTailorasked 3 years ago
S3 permissions granted to other AWS accounts in bucket policies should be restrictedasked 6 months ago
Create User to Use S3 API with Restricted PermissionsAccepted Answerasked 6 months ago
Insufficient privileges for accessing data in S3 when running a lambda function to create a Personalize dataset import jobAccepted Answerasked 5 months ago
S3 prefix-selective cross-account permissionsasked 6 days ago
S3 bucket permissions to run CloudFormation from different accounts and create Lambda Funtions.asked a year ago
Unable to configure SageMaker execution Role with access to S3 bucket in another AWS accountasked 5 months ago
How to control per user per account permissions with IAM identity center?asked 18 days ago
AWS Backup Audit Manager - S3 Permissionsasked a year ago