Problem creating a Lambda function (AWS) from a Docker container: Lambda does not have permission to access the ECR image



I am trying to create an AWS Lambda function from a Docker container, following this guide. This is my code in lambda_function.py:

def lambda_handler(event, context):
    print('dummy calling analyze_file')
    print('DONE')

This is my Dockerfile:

FROM public.ecr.aws/lambda/python:3.8 as build-image
ARG FUNCTION_DIR="./"
RUN yum update -y
# Line continuations restored. The base image is Amazon Linux, so packages
# need yum/RPM names: libcurl-devel, not Debian's libcurl4-openssl-dev.
RUN yum install -y g++ \
    make \
    cmake \
    unzip \
    libcurl-devel
RUN pip install --upgrade pip
RUN yum install -y git cmake libmad-devel libsndfile-devel gd-devel boost-devel
# "install" was duplicated, and apt-utils / libpq-dev / libsndfile-dev are Debian
# package names that yum silently skips; postgresql-devel provides libpq and
# libsndfile-devel is already installed above.
RUN yum install -y gcc postgresql-devel
RUN python -m pip install boto3
COPY requirements.txt ${FUNCTION_DIR}
RUN python -m pip install -r requirements.txt

COPY ${FUNCTION_DIR} ./
RUN python -m pip install \
    --target ${FUNCTION_DIR} \
    awslambdaric
CMD [ "lambda_function.lambda_handler" ]

When I run the following:

docker run -d -p 9000:8080 image-name:latest
curl -XPOST "http://localhost:9000/2015-03-31/functions/function/invocations" -d '{}'
docker logs 1111111111

I get the expected print output. The image was uploaded to ECR successfully.

The problem starts when I try to use this image for a Lambda function. I get:

Lambda does not have permission to access the ECR image. Check the ECR permissions.

Even with the default settings:

Execution role: Create a new role with basic Lambda permissions 
Architecture: x86_64  
No Container image overrides

I also tried giving the created IAM role full permissions, but I still get the same message. If it is not a missing permission, why does this error happen? Can anyone give me a clue?

Edit: a comment asked for the role definition, so I started with this one (AWSLambdaBasicExecutionRole-aaaa-aaaaa-aaaa):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "arn:aws:logs:us-east-2:111111111:*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": [
                "arn:aws:logs:us-east-2:111111111:log-group:/aws/lambda/my-lambda-name:*"
            ]
        }
    ]
}

When that didn't work, I tried adding the following statement (still didn't work):

{
    "Sid": "LambdaECRImageRetrievalPolicy",
    "Effect": "Allow",
    "Action": [
        "ecr:*"
    ],
    "Resource": "*"
}

The ECR repository has its own permissions (and they are somewhat hidden):

Select the ECR repository -> Permissions (left navigation bar) -> Edit policy JSON

I entered this policy and the problem was solved:

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "LambdaECRImageRetrievalPolicy",
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Action": [
                "ecr:BatchGetImage",
                "ecr:GetDownloadUrlForLayer",
                "ecr:SetRepositoryPolicy",
                "ecr:DeleteRepositoryPolicy",
                "ecr:GetRepositoryPolicy"
            ],
            "Condition": {
                "StringLike": {
                    "aws:sourceArn": "arn:aws:lambda:us-east-2:1111111111:function:*"
                }
            }
        }
    ]
}
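The point of the answer above is that the execution role is the wrong place to look: Lambda pulls the image as the `lambda.amazonaws.com` service principal, so the grant has to live in the repository's resource-based policy, and the `aws:SourceArn` condition decides which functions that grant covers. The following added example (not code from the question, the answer, or AWS) builds a tighter version of that repository policy, limited to the two pull actions, and runs a toy evaluator over it so the behaviour of the condition can be checked offline. The account ID, region and function name are placeholders; the evaluator handles only Allow statements with StringLike/StringEquals conditions and is not a substitute for IAM.

```python
"""Least-privilege ECR repository policy for a container-image Lambda, with a
small evaluator showing how the aws:SourceArn condition behaves.

Added example for this thread; account, region, repository and function names
are made-up placeholders.
"""
import fnmatch
import json

ACCOUNT = "111111111111"  # placeholder account ID
REGION = "us-east-2"
FUNCTION_ARN = f"arn:aws:lambda:{REGION}:{ACCOUNT}:function:my-lambda-name"

# The only two actions Lambda needs in order to pull image layers from ECR.
PULL_ACTIONS = ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]


def lambda_pull_policy(function_arn: str, account: str) -> dict:
    """Resource-based policy for the ECR repository that lets the Lambda
    *service* (not the function's execution role) pull the image, but only
    on behalf of functions matching `function_arn` in `account`. A trailing
    wildcard (…:function:*) covers every function in that account/region."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "LambdaECRImageRetrievalPolicy",
                "Effect": "Allow",
                "Principal": {"Service": "lambda.amazonaws.com"},
                "Action": PULL_ACTIONS,
                "Condition": {
                    "StringLike": {"aws:SourceArn": function_arn},
                    "StringEquals": {"aws:SourceAccount": account},
                },
            }
        ],
    }


def _matches(pattern: str, value: str, op: str) -> bool:
    """StringLike is a case-sensitive glob; StringEquals is exact."""
    if op == "StringLike":
        return fnmatch.fnmatchcase(value, pattern)
    if op == "StringEquals":
        return value == pattern
    raise ValueError(f"unsupported condition operator {op}")


def evaluate(policy: dict, principal_service: str, action: str, context: dict) -> bool:
    """Toy evaluator: True if some Allow statement grants `action` to the
    service principal with every condition key present and satisfied.
    Deny statements, identity policies and other IAM features are ignored."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        services = stmt.get("Principal", {}).get("Service", [])
        if isinstance(services, str):
            services = [services]
        if principal_service not in services:
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        satisfied = True
        for op, pairs in stmt.get("Condition", {}).items():
            for key, pattern in pairs.items():
                if key not in context or not _matches(pattern, context[key], op):
                    satisfied = False
        if satisfied:
            return True
    return False


def policy_json(function_arn: str = FUNCTION_ARN, account: str = ACCOUNT) -> str:
    """Policy text for `aws ecr set-repository-policy --policy-text file://policy.json`."""
    return json.dumps(lambda_pull_policy(function_arn, account), indent=2)


if __name__ == "__main__":
    ctx = {"aws:SourceArn": FUNCTION_ARN, "aws:SourceAccount": ACCOUNT}
    good = lambda_pull_policy(FUNCTION_ARN, ACCOUNT)
    print(evaluate(good, "lambda.amazonaws.com", "ecr:BatchGetImage", ctx))
    # A stray leading space in the ARN pattern (easy to introduce when pasting
    # into the console editor) is part of the pattern and never matches.
    bad = lambda_pull_policy(" " + FUNCTION_ARN, ACCOUNT)
    print(evaluate(bad, "lambda.amazonaws.com", "ecr:BatchGetImage", ctx))
    print(policy_json())
```

Write the output of `policy_json()` to a file and apply it with `aws ecr set-repository-policy --repository-name <repo> --policy-text file://policy.json`, then confirm with `aws ecr get-repository-policy --repository-name <repo>`. Compared with the policy in the answer, this one drops `ecr:SetRepositoryPolicy`, `ecr:DeleteRepositoryPolicy` and `ecr:GetRepositoryPolicy`, which the pull itself does not need, and pins `aws:SourceAccount` so a function ARN glob cannot be matched from another account.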
