Creating client fails from lambda environment

[eliyaba]

Describe the bug
I am trying to deploy a lambda that creates a new report client (using chalice framework).
Running the lambda locally works just fine, but after deployemnt I get this error:
ClientError: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.

To Reproduce

Steps to reproduce the behavior:

• I have creates a SellingPartnerAPI role with these permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "execute-api:Invoke",
            "Resource": "arn:aws:execute-api:*:*:*"
        }
    ]
}

This is the lambda role defined in amazon developers app.

• The lambda uses an IAM role that includes these permissions.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::<account_id>:role/SellingPartnerAPIRole"
        }
    ]
}

• code creating the reports client:

credentials = dict(
            refresh_token=refresh_token,    ## refresh token retrieved earlier from authenticating the app
            lwa_app_id=lwa_app_id,    ## client id from amazon developers portal
            lwa_client_secret=lwa_client_secret,    ## client secret from amazon developers portal
            aws_access_key=aws_access_key,    ## access key of AWS account running the lambda
            aws_secret_key=aws_secret_key,    ## secret key of AWS account running the lambda
            role_arn=role_arn   ## SellingPartnerAPIRole arn
)
reports_client = ReportsV2(credentials=credentials)

• when deployed and running a test I get this error

[ERROR] ClientError: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.
Traceback (most recent call last):
  File "/var/task/chalice/app.py", line 1601, in __call__
    return self.handler(event_obj)
  File "/var/task/app.py", line 200, in business_report_cron
    res = scheduled_daily_sp_api_report_generator(report_type, report_options)
  File "/var/task/app.py", line 179, in scheduled_daily_sp_api_report_generator
    report_keys = sp_api_generate_s3_report(seller, start_time, end_time, report_type, report_options)
  File "/var/task/app.py", line 95, in sp_api_generate_s3_report
    report_id = client.create_report(
  File "/var/task/chalicelib/connectors/sp_api.py", line 50, in create_report
    res = self.reports_client.create_report(
  File "/var/task/sp_api/base/helpers.py", line 19, in wrapper
    return function(*args, **kwargs)
  File "/var/task/sp_api/api/reports/reports.py", line 113, in create_report
    return self._request(kwargs.pop('path'), data=kwargs)
  File "/var/task/sp_api/base/client.py", line 141, in _request
    auth=self._sign_request(),
  File "/var/task/sp_api/base/client.py", line 110, in _sign_request
    role = self.role
  File "/var/task/sp_api/base/client.py", line 102, in role
    role = self.set_role(cache_key)
  File "/var/task/sp_api/base/client.py", line 69, in set_role
    role = self.boto3_client.assume_role(
  File "/var/task/botocore/client.py", line 515, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/task/botocore/client.py", line 934, in _make_api_call
    raise error_class(parsed_response, operation_name)

Expected behavior

When running this locally with my admin access key and secret key this all works fine (access key starts with AKIA***).
I see the lambda uses a different access key (starts with ASIA***) and that causes this error. If I hard code my access key and secret this works but obviously this isn't a solution for me.

Does anyone have a solution for this? Any help much appreciated.
Thank you