If I understood your question correctly, the issue might be that there isn’t an explicit Allow statement, which results in access being denied by default. In your policy, I don’t see any Allow for s3:... or sts:... actions.
Try adding a new statement that explicitly allows the actions you need.
Don’t hesitate to comment if you need further assistance :)
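
The default-deny behaviour described in this answer, as an added example that is not part of the original post: a small Python check that reports whether a single identity policy allows, explicitly denies, or implicitly denies an action. The two policies and the function names are constructed for illustration, and only `Effect`, `Action` and `NotAction` are evaluated (`Resource`, `Condition`, SCPs, permission boundaries and resource policies are out of scope).

```python
import re

def _as_list(value):
    # IAM accepts a single string or a list for Statement/Action
    return value if isinstance(value, list) else [value]

def _action_matches(pattern, action):
    # Action names are case-insensitive; '*' and '?' are the only wildcards
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def statement_covers(stmt, action):
    if "NotAction" in stmt:
        return not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"]))
    return any(_action_matches(p, action) for p in _as_list(stmt.get("Action", [])))

def evaluate(policy, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one action."""
    decision = "ImplicitDeny"          # nothing matched yet: denied by default
    for stmt in _as_list(policy["Statement"]):
        if not statement_covers(stmt, action):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # an explicit Deny always wins
        decision = "Allow"
    return decision

# Constructed policy with only a Deny statement: no Allow anywhere.
DENY_ONLY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}],
}

# Same policy with an explicit Allow statement added for the needed actions.
WITH_ALLOW = {
    "Version": "2012-10-17",
    "Statement": DENY_ONLY["Statement"] + [
        {"Effect": "Allow", "Action": ["s3:Get*", "sts:AssumeRole"], "Resource": "*"}
    ],
}

if __name__ == "__main__":
    for name, policy in (("deny-only", DENY_ONLY), ("with-allow", WITH_ALLOW)):
        for action in ("s3:GetObject", "sts:AssumeRole", "s3:DeleteBucket"):
            print(f"{name:10} {action:16} -> {evaluate(policy, action)}")
```
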