Can I get credentials by AWS IAM Role published by another aws account?

Unfortunately, I lost serveral days for this work.

How can I get temporary credentials by IAM Role? Is this possible?

here is my scenario and code.(AWS SDK on java)

• STS instance by AWS account accessKey and secretKey

  AWSSecurityTokenService tokenService = new AWSSecurityTokenServiceClient(new BasicAWSCredentials(awsProperty.getAccess(), awsProperty.getSecret()));
  

• make AssumeRoleRequest

  AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest();
  assumeRoleRequest.setRoleArn(arn);
  assumeRoleRequest.setDurationSeconds(900);
  assumeRoleRequest.setRoleSessionName("for_test");
  assumeRoleRequest.setExternalId("ext_id");
  

• get SessionCredentials

  AssumeRoleResult roleResult =  tokenService.assumeRole(assumeRoleRequest);
  Credentials credentials = roleResult.getCredentials();
  
  AWSCredentials awsCredentials = new BasicSessionCredentials(credentials.getAccessKeyId(), credentials.getSecretAccessKey(), credentials.getSessionToken());
  

• work

  AmazonCloudFrontClient cloudFrontClient = new AmazonCloudFrontClient(awsCredentials);
  

It throws AWSSecurityTokenServiceException

User: arn:aws:iam::{account}:user/{user_name} is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::{role_account}:role/{role_name} (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; 

I make policy like this. attach to both of IAM Role and IAM User.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1490674259000",
            "Effect": "Allow",
            "Action": [
                "sts:AssumeRole"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

EDIT:

I tested policy(modified) with IAM Policy Simulator. select AWS Security Token Service-AssumeRole with IAM Role ARN - it allowed.