跨帐户的 SQS-Lambda 设置引发错误：执行角色没有调用 SQS 的 receiveMessage 权限。

【以下的问题经过翻译处理】 我正在尝试设置从SQS队列到Lambda函数的跨账户通信。这两个资源都位于“eu-central-1”区域，但在两个不同的AWS帐户中。我的设置如下：ACCOUNT_A拥有Lambda函数ACCOUNT_B 拥有SQS队列。我已经在Account A中创建了IAM角色，并将其附加到Lambda函数（ACCOUNT_A_LAMBDA_EXECUTION_ROLE）。IAM角色已经被附加AWSLambdaSQSQueueExecutionRole 的管理权限。ACCOUNT_B上的SQS队列具有以下访问策略{ "Version": "2008-10-17", "Id": "__default_policy_ID", "Statement": [ { "Sid": "__owner_statement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNT_B:root" }, "Action": "SQS:*", "Resource": "arn:aws:sqs:eu-central-1:ACCOUNT_B:" }, { "Sid": "__receiver_statement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::ACCOUNT_A:role/LAMBDA_EXECUTION_ROLE" }, "Action": [ "SQS:ChangeMessageVisibility", "SQS:DeleteMessage", "SQS:ReceiveMessage", "SQS:GetQueueAttributes" ], "Resource": "arn:aws:sqs:eu-central-1:ACCOUNT_B:" } ]}我使用AWS CLI添加Lambda触发器，以便ACCOUNT_B_SQS_QUEUE可以添加为ACCOUNT_A_LAMBDA_FUNCTION的触发器。以下是AWS CLI命令aws lambda create-event-source-mapping --function-name ACCOUNT_A_LAMBDA_FUNCTION --event-source-arn ACCOUNT_B_SQS_QUEUE-arn --profile ACCOUNT_A-aws-profile --region eu-central-1但是此命令失败并显示以下错误：An error occurred (InvalidParameterValueException) when calling the CreateEventSourceMapping operation: The provided execution role does not have permissions to call ReceiveMessage on SQS我也尝试手动添加Lambda触发器，但是也失败了。