Why am I getting an “AccessDenied” error despite attaching an inline policy to the role?


I have attached an inline IAM policy to an IAM role, but when attempting to perform an action (such as accessing an S3 bucket, starting an EC2 instance, etc.), I am still receiving an AccessDenied error. I have verified that the inline policy is correctly attached to the role and contains the necessary permissions for the action I’m attempting to perform.

asked a month ago, 60 views
2 Answers

There are several reasons why you might be encountering an "AccessDenied" error despite attaching an inline policy to your IAM role:

  1. Explicit Deny: There may be an explicit deny statement in another policy attached to the role, user, or group that is overriding your allow statement. In IAM, deny statements always take precedence over allow statements, even if they are in different policies.

  2. Incorrect Resource ARN: Ensure that the resource ARNs specified in your policy match exactly with the resources you're trying to access. Pay attention to the region and account ID in the ARN.

  3. Missing Permissions: While you've added the inline policy, there might be additional permissions required for the specific action you're trying to perform. For example, if you're accessing an encrypted S3 bucket, you might also need KMS permissions.

  4. Service Control Policies (SCPs): If your AWS account is part of an AWS Organization, there might be SCPs in place that are restricting actions across your organization or specific accounts.

  5. Permission Boundaries: Check if any permission boundaries have been set on the role, which could be limiting the effective permissions.

  6. Incorrect Role Assumption: If you're trying to access resources across accounts, make sure you're properly assuming the role before attempting to access the resource.

To troubleshoot this issue:

  1. Review all policies attached to the role, including managed and inline policies, looking for any conflicting statements.
  2. Double-check the resource ARNs in your policy.
  3. Use the IAM Policy Simulator to test your policies and identify any missing permissions.
  4. If applicable, review any SCPs that might be affecting your account.
  5. Ensure you're using the correct credentials, especially if working across accounts.

If you've verified all of these and are still encountering issues, it may be helpful to contact AWS Support for a more detailed analysis of your account's permission structure.
Sources
How do I troubleshoot when User: arn is no authorized to perform Create * or Delete * or Update * on resource(s) because no identity- policy allows the actions | AWS re:Post
Unable to access cross account s3 | AWS re:Post
ClientError: An error occurred (AccessDeniedException) when calling the CreateInferenceComponent operation: | AWS re:Post

answered a month ago
EXPERT, reviewed a month ago
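The evaluation order the answer above describes (an explicit Deny anywhere wins; otherwise the identity-based policy, the SCPs and the permissions boundary must each contain an Allow), as an added example that is not part of the original answer and is not AWS code. It is a small Python model of that logic over constructed policies for a fictitious account 111122223333, so a reader can see which layer produces each denial. Conditions, NotAction/NotResource and resource-based policies are deliberately left out.

```python
"""Minimal IAM-style policy evaluator.

Added example, not AWS code and not the asker's policies. It models the parts
of IAM's evaluation logic listed in the answer above: an explicit Deny in any
applicable policy wins; otherwise the request needs an Allow from an
identity-based policy AND, when present, from the SCP set AND the permissions
boundary. Conditions, NotAction/NotResource and resource-based policies are
ignored. All policies and ARNs below are constructed sample data.
"""
from fnmatch import fnmatchcase


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _match_action(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are the only wildcards
    return fnmatchcase(action.lower(), pattern.lower())


def _match_resource(pattern, resource):
    # ARNs are matched case-sensitively (S3 object keys, for instance, are)
    return fnmatchcase(resource, pattern)


def _statement_applies(stmt, action, resource):
    actions = _as_list(stmt.get("Action", []))
    resources = _as_list(stmt.get("Resource", "*"))
    return (any(_match_action(a, action) for a in actions)
            and any(_match_resource(r, resource) for r in resources))


def evaluate_policy_set(policies, action, resource):
    """Evaluate one policy type; returns 'Deny', 'Allow' or 'Implicit'."""
    decision = "Implicit"
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"  # an explicit Deny ends evaluation immediately
            if stmt.get("Effect") == "Allow":
                decision = "Allow"
    return decision


def is_allowed(action, resource, identity_policies, scps=None, boundary=None):
    """Combine policy types the way IAM does for a same-account request.

    Returns (allowed, reason) so the caller can see which layer blocked the
    request, the same information an AccessDenied message carries.
    """
    layers = [("identity-based policy", identity_policies)]
    if scps is not None:
        layers.append(("service control policy", scps))
    if boundary is not None:
        layers.append(("permissions boundary", [boundary]))
    results = {name: evaluate_policy_set(pols, action, resource)
               for name, pols in layers}
    for name, result in results.items():
        if result == "Deny":
            return False, f"explicit deny in {name}"
    for name, result in results.items():
        if result != "Allow":
            return False, f"no {name} allows {action}"
    return True, "allowed"


# Constructed sample: the inline policy grants S3 read on one bucket and EC2
# start; a second policy on the role carries an explicit Deny for a prefix; the
# SCP allows only s3:* and ec2:Describe*; the boundary allows s3:Get* only.
INLINE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Effect": "Allow", "Action": "ec2:StartInstances",
     "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*"}]}
DENY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"}]}
SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"], "Resource": "*"}]}
BOUNDARY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"}]}


def demo():
    """Run the answer's failure modes through the evaluator; returns {label: (allowed, reason)}."""
    cases = {
        "get public object": ("s3:GetObject", "arn:aws:s3:::example-bucket/public/a.txt"),
        "get secret object": ("s3:GetObject", "arn:aws:s3:::example-bucket/secret/k.pem"),
        "wrong bucket arn": ("s3:GetObject", "arn:aws:s3:::other-bucket/a.txt"),
        "list bucket": ("s3:ListBucket", "arn:aws:s3:::example-bucket"),
        "start instance": ("ec2:StartInstances",
                           "arn:aws:ec2:us-east-1:111122223333:instance/i-0abc"),
    }
    return {label: is_allowed(act, res, [INLINE_POLICY, DENY_POLICY],
                              scps=[SCP], boundary=BOUNDARY)
            for label, (act, res) in cases.items()}


if __name__ == "__main__":
    for label, (ok, why) in demo().items():
        print(f"{label:18} {'ALLOW' if ok else 'DENY':5} {why}")
```

Each of the five requests fails for a different reason from the answer's list: a Deny in another policy on the same role, a resource ARN that does not match, an SCP that never mentions ec2:StartInstances, and a boundary that allows only s3:Get*; only the first request passes all three layers. The real service adds conditions and resource-based policies on top of this, which is why the IAM Policy Simulator remains the authoritative check.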

Have you really assumed the role in question? What's the output of aws sts get-caller-identity?

"I am still receiving an AccessDenied error"

What's the full error message? e.g. I've set up a role with (deliberately) insufficient S3 privileges, and after assuming it I get:

$ aws s3 ls

An error occurred (AccessDenied) when calling the ListBuckets operation: User: arn:aws:sts::0123456789140:assumed-role/my-testing-role/blah is not authorized to perform: s3:ListAllMyBuckets because no identity-based policy allows the s3:ListAllMyBuckets action

Do you get something similar?

EXPERT, answered a month ago
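An added example (not part of either answer and not AWS code) that follows the expert's two questions: take the full AccessDenied text and the output of aws sts get-caller-identity, and turn them into a diagnosis. The message format is the one shown in the answer above ("User: <arn> is not authorized to perform: <action> [on resource: <arn>] because ... / with an explicit deny in ..."). The sample messages, the caller-identity dict and the role names are constructed; account IDs use the 12-digit form, which the regex enforces.

```python
"""Parse AWS AccessDenied messages and compare them with the current caller.

Added example, not AWS code. The message layout follows the CLI output shown
in the answer above; the sample messages and the get-caller-identity output
below are constructed test data for account 111122223333.
"""
import re

# arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
ARN_ROLE = re.compile(r"arn:aws:sts::\d{12}:assumed-role/([^/]+)/")
MSG = re.compile(
    r"User: (?P<principal>arn:aws:(?:iam|sts)::\d{12}:\S+) is not authorized to perform: "
    r"(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)"
    r"(?: on resource: (?P<resource>\S+))?"
    r"(?: (?P<reason>because .*|with an explicit deny in .*))?"
)
DENY_PREFIX = "with an explicit deny in "


def role_from_arn(arn):
    """Role name from an STS assumed-role ARN, else None (IAM user, root, ...)."""
    m = ARN_ROLE.match(arn)
    return m.group(1) if m else None


def parse_access_denied(message):
    """Return principal, action, resource, reason and derived fields, or None."""
    m = MSG.search(message)
    if not m:
        return None
    info = m.groupdict()
    info["account"] = info["principal"].split(":")[4]
    info["role_name"] = role_from_arn(info["principal"])
    reason = info["reason"] or ""
    info["explicit_deny"] = reason.startswith(DENY_PREFIX)
    info["denying_layer"] = reason[len(DENY_PREFIX):] if info["explicit_deny"] else None
    return info


def diagnose(message, caller_identity, expected_role):
    """Combine the error with `aws sts get-caller-identity` output (as a dict).

    Checks, in order: are we really running as the expected role, did the
    error even come from this principal, and is the denial explicit (an
    added Allow cannot fix it) or implicit (some layer lacks an Allow).
    """
    info = parse_access_denied(message)
    if info is None:
        return "unrecognised message: paste the full error text"
    caller_role = role_from_arn(caller_identity["Arn"])
    if caller_role != expected_role:
        return f"not running as {expected_role}; caller is {caller_identity['Arn']}"
    if info["principal"] != caller_identity["Arn"]:
        return f"error came from {info['principal']}, not the current caller"
    if info["explicit_deny"]:
        return (f"{info['action']}: explicit Deny in {info['denying_layer']}; "
                "an added Allow cannot override it")
    if info["reason"]:
        return f"{info['action']}: {info['reason']}; add an Allow in that layer"
    return f"{info['action']}: denied, reason not stated"


# Constructed samples in the CLI format shown in the answer above.
SAMPLES = [
    "An error occurred (AccessDenied) when calling the ListBuckets operation: User: "
    "arn:aws:sts::111122223333:assumed-role/my-testing-role/blah is not authorized to "
    "perform: s3:ListAllMyBuckets because no identity-based policy allows the "
    "s3:ListAllMyBuckets action",
    "An error occurred (AccessDenied) when calling the GetObject operation: User: "
    "arn:aws:sts::111122223333:assumed-role/my-testing-role/blah is not authorized to "
    "perform: s3:GetObject on resource: arn:aws:s3:::example-bucket/secret/key.pem "
    "with an explicit deny in a service control policy",
    "An error occurred (AccessDeniedException) when calling the Decrypt operation: User: "
    "arn:aws:iam::111122223333:user/alice is not authorized to perform: kms:Decrypt "
    "on resource: arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab "
    "because no identity-based policy allows the kms:Decrypt action",
]
# Constructed `aws sts get-caller-identity` output for the assumed role.
CALLER = {"UserId": "AROAEXAMPLEID:blah", "Account": "111122223333",
          "Arn": "arn:aws:sts::111122223333:assumed-role/my-testing-role/blah"}


if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample, CALLER, "my-testing-role"))
```

The two derived fields matter most: "role_name" tells you whether the credentials in use belong to the role that carries the inline policy at all, and "explicit_deny" tells you whether adding more Allow statements can help (it cannot when the reason begins "with an explicit deny in"). The third sample shows a denial for a different principal, which is the situation the expert's first question is meant to catch.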
