Cannot fix "The provided execution role does not have permissions to call CreateNetworkInterface on EC2"

I tried the solutions in this answer but it does not work for me. I am getting the error:

The provided execution role does not have permissions to call CreateNetworkInterface on EC2 (Service: AWSLambdaInternal; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 4c8d047c-2710-4334-86cd-51b7467c6f08)

Here is the CloudFormation associated with the error:

EventLambdaFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: !Sub ${DeveloperPrefix}event-lambda-${Environment}-${DeployPhase}
      Handler: EventHandler
      Runtime: java8
      Code:
        S3Bucket: !Ref SharedBucketName
        S3Key: !Sub ${WorkspacePrefix}/event-subscriber-${AppVersion}.jar
        S3ObjectVersion: !Ref EventLambdaS3Version
      Role: !GetAtt EventLambdaRole.Arn
      Environment:
        Variables:
          retry_event_table_name: !Sub "${DeveloperPrefix}${AppName}-${RetryEventTableName}-${Environment}-${DeployPhase}"
          test_enabled: true # TODO: Remove once endpoint provided.
      VpcConfig:
        SecurityGroupIds:
          - !Ref LambdaSecurityGroup
        SubnetIds:
          - Fn::ImportValue: !Sub ${VPCStackName}-SubnetPrivateL
          - Fn::ImportValue: !Sub ${VPCStackName}-SubnetPrivateR
      Timeout: 28
      MemorySize: 256

  EventLambdaRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub ${DeveloperPrefix}${AppName}-${Environment}-${DeployPhase}-EventLambdaRole
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal:
              Service: [lambda.amazonaws.com]
            Action: ['sts:AssumeRole']
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: !Sub ${DeveloperPrefix}${AppName}-${Environment}-${DeployPhase}-EventLambdaPolicy
          PolicyDocument:
            Statement:
              - Sid: DynamoDbPermissions
                Effect: Allow
                Action:
                  - dynamodb:PutItem
                Resource: !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${DeveloperPrefix}${AppName}-EventRetry-${Environment}-${DeployPhase}'
              - Sid: LambdaVPCPermissions
                Effect: Allow
                Action:
                  - ec2:AttachNetworkInterface
                  - ec2:CreateNetworkInterface
                  - ec2:CreateNetworkInterfacePermission
                  - ec2:DeleteNetworkInterface
                  - ec2:DeleteNetworkInterfacePermission
                  - ec2:DescribeDhcpOptions
                  - ec2:DescribeNetworkInterfaces
                  - ec2:DescribeNetworkInterfacePermissions
                  - ec2:DescribeSubnets
                  - ec2:DescribeVpcs
                  - ec2:DescribeInstances
                Resource: '*'

I have searched for an answer to this and have tried several of the suggestions found but to no avail. I am making any obvious mistakes? I fear I cannot see the forest for the trees right now.