AccessDeniedException: assumed-role not authorized to perform action on resource ( only since custom domain)

I encountered the 200 resource limitation with API Gateway so I split it up into several services as outlined by this blog post:

After deploying the new APIs I’m suddenly getting AccessDeniedException errors in my Lambda functions trying to access the same DynamoDB table as before, despite the following resource allocation:
Resource: "arn:aws:dynamodb:us-east-1:*:*"

AccessDeniedException: User: arn:aws:sts::xxxxxxxxxxxx:assumed-role/my-api-service-staging-us-east-1-lambdaRole/my-api-users-service-staging-getUser is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:us-east-1:088023336700:table/my-table