I am trying to develop an S3 file upload for user federation, implemented in Python. A user from a Cognito group has a role with the ARN name S3-Group-Role.
S3-Group-Role:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::{bucketname}/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::{bucketname}/${cognito-identity.amazonaws.com:sub}/*"
            ]
        }
    ]
}
S3-Group-Role has the following trusted entities:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Federated": "cognito-identity.amazonaws.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "cognito-identity.amazonaws.com:aud": "ap-southeast-1:c06cdef7-798b-4b87-8754-abcdefdf"
                },
                "ForAnyValue:StringLike": {
                    "cognito-identity.amazonaws.com:amr": "authenticated"
                }
            }
        }
    ]
}
The IAM policy is:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:*",
            "Resource": "*"
        }
    ]
}
The user logged in successfully and an ID token was returned. I tried to pass it to sts.assume_role_with_web_identity to get temporary credentials, but got an AccessDenied error as below:
ClientError: An error occurred (AccessDenied) when calling the AssumeRoleWithWebIdentity operation: Not authorized to perform sts:AssumeRoleWithWebIdentity
Here is the STS code:
import boto3

# id_token is the ID token returned by the Cognito login described above.
sts = boto3.client("sts")

assumed_role_object = sts.assume_role_with_web_identity(
    RoleArn="arn:aws:iam::S3-Group-Role-ARN on above",  # ARN of S3-Group-Role shown above
    RoleSessionName="user_A",
    WebIdentityToken=id_token,
    DurationSeconds=3600,
)
I have searched many pages, but nothing seems to help.
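As an added example (not code from the question), the following resolves the `${cognito-identity.amazonaws.com:sub}` policy variable in the S3-Group-Role policy above and matches request ARNs against its statements, to check offline that PutObject is confined to each identity's own key prefix while GetObject is bucket-wide. The bucket name and the identity IDs are constructed values; the evaluation is simplified (Allow statements only, no Deny or Condition handling).

```python
import fnmatch
import re

# Role policy as posted, with {bucketname} filled by a constructed placeholder.
BUCKET = "example-bucket"  # constructed, not from the question
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": f"arn:aws:s3:::{BUCKET}/*"},
        {"Effect": "Allow", "Action": ["s3:PutObject"],
         "Resource": [f"arn:aws:s3:::{BUCKET}/" + "${cognito-identity.amazonaws.com:sub}/*"]},
    ],
}

_VAR = re.compile(r"\$\{([^}]+)\}")

def resolve(resource, context):
    """Substitute IAM policy variables from the request context.
    A variable missing from the context (e.g. no Cognito identity) is replaced
    by a NUL sentinel that no real ARN contains, so the resource never matches."""
    return _VAR.sub(lambda m: context.get(m.group(1), "\x00unresolved\x00"), resource)

def is_allowed(policy, action, resource_arn, context):
    """Simplified IAM evaluation: True if any Allow statement's Action and
    resolved Resource both match. '*' and '?' wildcards as in IAM patterns."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if any(fnmatch.fnmatchcase(resource_arn, resolve(r, context)) for r in resources):
            return True
    return False

def s3_object_arn(key):
    return f"arn:aws:s3:::{BUCKET}/{key}"

# Constructed identity ID in the Cognito Identity Pool format; the sub becomes
# the per-user key prefix that the PutObject statement allows.
ALICE_SUB = "ap-southeast-1:11111111-2222-3333-4444-555555555555"
ALICE = {"cognito-identity.amazonaws.com:sub": ALICE_SUB}
OTHER_SUB = "ap-southeast-1:99999999-0000-0000-0000-000000000000"

if __name__ == "__main__":
    print(is_allowed(ROLE_POLICY, "s3:PutObject", s3_object_arn(f"{ALICE_SUB}/photo.jpg"), ALICE))  # True
    print(is_allowed(ROLE_POLICY, "s3:PutObject", s3_object_arn(f"{OTHER_SUB}/photo.jpg"), ALICE))  # False
    print(is_allowed(ROLE_POLICY, "s3:GetObject", s3_object_arn(f"{OTHER_SUB}/photo.jpg"), ALICE))  # True
    print(is_allowed(ROLE_POLICY, "s3:PutObject", s3_object_arn(f"{ALICE_SUB}/photo.jpg"), {}))     # False
```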