79143545

Date: 2024-10-31 04:57:46
Score: 2

Here are the things I would check, in order:

  1. Follow the links in this screenshot - make sure that the permissions attached to your lambda match up to those in the policy example.

  2. You didn't show us your inbound security group settings. It is likely that your security group settings do not allow inbound to the cluster on the ports that IAM uses. The ports to use will depend on your config. It looks like your lambda is in the same account and vpc as the cluster, in which case you want an inbound security group rule that allows Custom TCP Traffic access on 9098. If you had public access enabled, then it would have been port 9198.

  3. If the lambdas are in a different account and you're using the multi-VPC private connectivity setting, see this. Basically, you want to make sure you have a cluster IAM policy attached to the cluster and a security group rule that allows inbound Custom TCP Traffic on port range 14001-14100. This blog might also help.

If neither of these work, you'd need to share with us your IAM policy attached to your lambda, your inbound and outbound security group rules for all security groups attached to both the lambda and the cluster for further scrutiny.

Reasons:
  • Blacklisted phrase (1): This blog
  • Blacklisted phrase (1): share with us
  • Long answer (-1):
  • No code block (0.5):
  • Low reputation (0.5):
Posted by: Mbuotidem Isaac
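
The inbound-rule checks from the answer above, as an added example that is not part of the original answer and not AWS code: it tests a cluster security group, in the shape boto3's `describe_security_groups` returns, for a rule covering the IAM ports the answer names. The function names, group ids and CIDRs are hypothetical, and the sample group is constructed.

```python
import ipaddress

# Inbound TCP port ranges the answer names for MSK IAM auth, per connectivity mode.
REQUIRED_PORTS = {"same_vpc": (9098, 9098), "public": (9198, 9198),
                  "multi_vpc": (14001, 14100)}

def covers(perm, lo, hi):
    """True if one IpPermissions entry spans TCP ports lo..hi."""
    if perm.get("IpProtocol") == "-1":   # "all traffic" rule carries no port fields
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 65536) <= lo and hi <= perm.get("ToPort", -1)

def source_matches(perm, client_sg_id=None, client_cidr=None):
    """True if the rule admits the client by security-group reference or IPv4 CIDR."""
    if client_sg_id and any(p.get("GroupId") == client_sg_id
                            for p in perm.get("UserIdGroupPairs", [])):
        return True
    if client_cidr:
        client = ipaddress.ip_network(client_cidr)
        return any(client.subnet_of(ipaddress.ip_network(r["CidrIp"]))
                   for r in perm.get("IpRanges", []))
    return False

def inbound_ok(cluster_sg, mode, client_sg_id=None, client_cidr=None):
    """Check one cluster security group for a single rule covering the mode's ports.
    Limitation: a range split across several rules is reported as not covered."""
    lo, hi = REQUIRED_PORTS[mode]
    return any(covers(p, lo, hi) and source_matches(p, client_sg_id, client_cidr)
               for p in cluster_sg.get("IpPermissions", []))

# Constructed sample: plaintext port open to the VPC, IAM port open only to the lambda's group.
SAMPLE_CLUSTER_SG = {
    "GroupId": "sg-0cluster0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9092, "ToPort": 9092,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 9098, "ToPort": 9098,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0lambda0example"}]},
    ],
}

if __name__ == "__main__":
    for mode in REQUIRED_PORTS:
        print(mode, inbound_ok(SAMPLE_CLUSTER_SG, mode, client_sg_id="sg-0lambda0example"))
```

Run it against every security group attached to the cluster; a rule on any one of them is enough, since security group rules are additive.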