In Lambda functions we have versions and aliases. I have two aliases (test1, test2). test1 does the CRUD operations on DynamoDB within the same account, while test2 needs to perform CRUD on DynamoDB in a different sub-account in the same region (to prevent rework in the Lambda function).

What I tried:

  1. created a role in the main account to assume the role
  2. created a role in the sub-account with full AWS service access
  3. copied the ARN and assigned the sub-account role to the main account's STS assume policy
  4. tested the Lambda function to fetch data from the sub-account DynamoDB table
  5. error:
{
  "errorMessage": "User: arn:aws:sts::123456:assumed-role/getAccessSubAccountRole/testlambdafunction is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:region:123456:table/USER",
  "errorType": "AccessDeniedException",
  "stackTrace": [
    "Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:51:27)",
    "Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)",
    "Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)",
    "Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)",
    "Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)",
    "AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)",
    "/var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10",
    "Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)",
    "Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)",
    "Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)"
  ]
}

1 Answer


The error message states the issue:

User: arn:aws:sts::123456:assumed-role/getAccessSubAccountRole/testlambdafunction is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:region:123456:table/USER

In #2 you mentioned "created a role in the sub-account with full AWS service access", but I think you should double-check that this role has the access you expect. Does this mean it had administrator access? Once you're sure it has the access, check how policies are evaluated.