How to Resolve AccessDeniedException in Cross-Account ECR Image Deployment with AWS CodeBuild?

Hello i am having this error in my code build as i am doing a cross-account Strategy i am build and push my by my ECR into AccountA

Note: All My BuildProject and Pipeline are in AccountA

I need help in resolving this as i would also like to deploy to the ECR image in Account B the Account C to ECS & Fargate after building and storing to the repo in Account A

Below is the structure of my ToolingRole

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:sts::730335391382:assumed-role/pacctsmainToolChainRole/AWSCodeBuild-7be7fa1b-8d91-473d-b71a-8d5be79d6fc5 is not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken action

My Setup Below

  CodeBuildProject:
    Type: AWS::CodeBuild::Project
    DeletionPolicy: Delete
    DependsOn: [ToolingRole]
    Properties:
      Name: !Sub 'CodeBuildProject'
      Description: !Sub AWS CodeBuildProject
      ServiceRole: !Ref ToolingRole
..................

  ToolingRole:
    Type: AWS::IAM::Role
    DeletionPolicy: Delete
    DependsOn: [CrossDeploymentRole]
    Properties:
      RoleName: !Sub '${AppID}ToolingRole' #[--${AWS::Region}]
      Description: Creating ToolingRole in IAM for the CodePipeline
      AssumeRolePolicyDocument:
        Statement:
        - Effect: Allow
          Action: sts:AssumeRole
          Principal:
            Service:
            - codebuild.amazonaws.com
            - codedeploy.amazonaws.com
            - codepipeline.amazonaws.com
            - elasticbeanstalk.amazonaws.com
            - events.amazonaws.com
      Path: /
      Policies:
      - PolicyName: ToolChainWorkerPolicy
        PolicyDocument:
          Statement:
          # Statement:  [Allow ToolingRole to perform actions on specified resources]
          - Action:
            - "*"
            Effect: Allow
            Resource:
            - Fn::Sub: arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${AppID}/*
            - Fn::Sub: arn:${AWS::Partition}:codebuild:${AWS::Region}:${AWS::AccountId}:project/${AppID}*
            - Fn::Sub: arn:${AWS::Partition}:codecommit:${AWS::Region}:${AWS::AccountId}:${RepositoryName}
            - Fn::Sub: arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${CodePipelineName}
            - Fn::Sub: arn:${AWS::Partition}:s3:::${CodePipelineS3Bucket}
            - Fn::Sub: arn:${AWS::Partition}:s3:::${CodePipelineS3Bucket}/*
          # Statement: [Allow ToolChainRole to assume CrossDeploymentRole]
          - Effect: Allow
            Action: sts:AssumeRole
            Resource: !GetAtt CrossDeploymentRole.Arn
          # Statement:  []
          - Effect: Allow
            Resource:
            - !GetAtt CodeCommitRepo.Arn #CodeCommit Repo
            - !GetAtt CrossDeploymentRole.Arn 
            Action: ["iam:PassRole"]
          # Statement:  [Allow ToolChainRole to perform CloudTrail and CloudWatch Logs actions.]
          - Effect: Allow
            Resource: "*"
            Action:
            - cloudtrail:CreateTrail
            - cloudtrail:StartLogging
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:DescribeLogGroups
            - logs:PutLogEvents

  CrossDeploymentRole:
    Type: AWS::IAM::Role
    DeletionPolicy: Delete
    Properties:
      RoleName: !Sub 'CrossDeploymentRole'
      Description: '...'
      AssumeRolePolicyDocument:
        Statement:
        # Statement:  [Allows the only following services to assume the IAM role.] 
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: [cloudformation.amazonaws.com, codepipeline.amazonaws.com, codebuild.amazonaws.com]
      Path: /
      #Note: (Policies Property Must be of type List)
      Policies:
      - PolicyName: !Sub 'CrossDeploymentRolePolicy'
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
          # Statement:  []
          - Effect: Allow
            Action: sts:AssumeRole
            Resource:
            - !Sub arn:aws:iam::${AccountA}:role/DeploymentRole
            - !Sub arn:aws:iam::${AccountB}:role/DeploymentRole
            - !Sub arn:aws:iam::${AccountC}:role/DeploymentRole

Notes: Same DeploymentRole for(AccountA, AccountB, AccountC)

  DeploymentRole:
    Type: AWS::IAM::Role
    DeletionPolicy: Delete
    Properties:
      RoleName: !Sub 'DeploymentRole'
      AssumeRolePolicyDocument:
        Statement:
        - Action: sts:AssumeRole
          Effect: Allow
          Principal:
            Service: [cloudformation.amazonaws.com, codepipeline.amazonaws.com, codebuild.amazonaws.com]
            AWS: !Sub "arn:aws:iam::${AccountA}:role/$CrossDeploymentRole"
      Path: /
      Policies:
      - PolicyName: !Sub 'DeploymentRolePolicy'
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          - Effect: Allow
            Sid: ECRActions
            Resource: '*'
            Action: ['ecr:*']