Grant the following permissions to the user to fetch metadata:
To use cross-account IAM role, create an IAM role in an AWS account. IAM roles are used to provide secure access to AWS resources. The role is used to establish a trusted relationship between various AWS accounts. Additional restrictions are enforced using an external ID and the IAM role can only be assumed by using the external ID if the external ID is specified for a cross-account IAM role.