1
votes

I have data that arrives in S3 Account A that I want to automatically copy to S3 Account B, but I do not understand how I can reference the files in Account A in my Lambda in Account B to do the copy.

Completed Steps so far:

1. Account B: Inline policy added to Execution Role referencing Account A S3 bucket

2. Account B: Permission given to Account A to invoke Lambda

3. Account A: Bucket policy allowing S3 access to execution Role in Account B

4. Account A: Event Notification to Account B Lambda (All ObjectCreated events)


Am I missing some steps here, and if not, how can my Lambda directly reference the individual files captured by the event?

1

1 Answer

0
votes

Update due to comments:

From the question above, I'm not sure I understand the setup, but here's how I would approach this from an architectural perspective:

  1. A Lambda function inside account A gets triggered by the S3 event when an object is uploaded.

  2. The Lambda function retrieves the uploaded object from the source bucket.

  3. The Lambda function assumes a role in account B, which grants permission to write into the target bucket.

  4. The Lambda function writes the object into the target bucket.

The permissions you need are:

  • An execution role for the Lambda function in account A that (a) grants permission to read from the source bucket and (b) grants permission to assume the role in account B (see next item below)

  • A cross-account role in account B, (a) trusting the above execution role and (b) granting permission to write into the target bucket

Note: Make sure to save the object granting bucket-owner-full-control so that account B has permissions to use the copied object.


If you want to replicate the objects to a bucket in a different AWS account and don't care about the fact that it can take up to 15 minutes for the replication to be done, you don’t need to build anything yourself. Simply use the Amazon S3 Replication feature.

Replication enables automatic, asynchronous copying of objects across Amazon S3 buckets. Buckets that are configured for object replication can be owned by the same AWS account or by different accounts. You can copy objects between different AWS Regions or within the same Region.
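The following is an added example, not code from the original question or answer, showing the four-step Lambda approach from the answer above in boto3 terms: the handler pulls each object name out of the S3 ObjectCreated event (which is how the Lambda "references the individual files"), reads it with the execution role in account A, assumes the cross-account role in account B, and writes it into the target bucket with `bucket-owner-full-control`. The two policy builders return the IAM documents the answer lists. All bucket names, account IDs and role ARNs are constructed placeholders, the sample event is constructed to match the shape of a real S3 notification record, and boto3 is imported inside the functions that call AWS so the event parsing and policy generation can be exercised offline.

```python
"""
Added example: cross-account S3 copy driven by an S3 event, as described in
the answer above. Every name, ARN and the sample event are placeholders.
"""
import urllib.parse

# --- constructed placeholders (replace with your own values) -----------------
SOURCE_BUCKET = "source-bucket-account-a"
TARGET_BUCKET = "target-bucket-account-b"
EXECUTION_ROLE_ARN = "arn:aws:iam::111111111111:role/S3CopyLambdaRole"   # account A
TARGET_ROLE_ARN = "arn:aws:iam::222222222222:role/CrossAccountS3Writer"  # account B


def execution_role_policy(source_bucket, target_role_arn):
    """Permissions policy for the Lambda execution role in account A:
    (a) read objects from the source bucket, (b) assume the role in account B."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{source_bucket}/*"},
            {"Effect": "Allow", "Action": "sts:AssumeRole",
             "Resource": target_role_arn},
        ],
    }


def cross_account_role_policies(execution_role_arn, target_bucket):
    """Trust policy and permissions policy for the role in account B:
    trust exactly the execution role from account A, allow writes to the target."""
    trust = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"AWS": execution_role_arn},
                       "Action": "sts:AssumeRole"}],
    }
    permissions = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ["s3:PutObject", "s3:PutObjectAcl"],
                       "Resource": f"arn:aws:s3:::{target_bucket}/*"}],
    }
    return trust, permissions


def objects_from_event(event):
    """Return (bucket, key) for each ObjectCreated record in an S3 notification.
    S3 URL-encodes keys in the event (a space arrives as '+'), so decode them
    before using them in API calls; non-create events are ignored."""
    objects = []
    for record in event.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated"):
            continue
        s3 = record["s3"]
        key = urllib.parse.unquote_plus(s3["object"]["key"])
        objects.append((s3["bucket"]["name"], key))
    return objects


def assume_target_role(role_arn, session_name="s3-cross-account-copy"):
    """Step 3: obtain temporary credentials for the role in account B."""
    import boto3  # imported here so the pure functions above run without boto3
    creds = boto3.client("sts").assume_role(
        RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    return boto3.client(
        "s3",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def lambda_handler(event, context):
    """Steps 1-4: triggered by the event, read with account A's execution role,
    write with account B's assumed role, granting the bucket owner full control."""
    import boto3
    source_s3 = boto3.client("s3")                   # execution role credentials
    target_s3 = assume_target_role(TARGET_ROLE_ARN)  # account B credentials
    copied = []
    for bucket, key in objects_from_event(event):
        body = source_s3.get_object(Bucket=bucket, Key=key)["Body"]
        target_s3.put_object(Bucket=TARGET_BUCKET, Key=key, Body=body,
                             ACL="bucket-owner-full-control")
        copied.append(key)
    return {"copied": copied}


# Constructed sample event: one create record with an encoded key, one delete.
SAMPLE_EVENT = {
    "Records": [
        {"eventName": "ObjectCreated:Put",
         "s3": {"bucket": {"name": SOURCE_BUCKET},
                "object": {"key": "reports/daily+report%202024.csv"}}},
        {"eventName": "ObjectRemoved:Delete",
         "s3": {"bucket": {"name": SOURCE_BUCKET}, "object": {"key": "old.csv"}}},
    ]
}

if __name__ == "__main__":
    print(objects_from_event(SAMPLE_EVENT))
```

Because the write is performed with the assumed role from account B, the new object is already owned by account B; the `bucket-owner-full-control` ACL is kept as the answer recommends and is also the one ACL value still accepted when the target bucket uses the default BucketOwnerEnforced setting. For objects larger than memory, replace `put_object` with `upload_fileobj` on the same streaming body.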