Error when upgrading to the aws-cli orb 4.1.2

[mattbasta]

Orb version

9.0.1

What happened

When using aws-cli 4.1.1, I'm able to build my image with this step:

      - aws-ecr/build_and_push_image:
          account_id: 'xxxxxxx'
          auth:
            - aws-cli/setup:
                role_arn: 'arn:aws:iam::xxxxxxx:role/xxxxxxx-circleci'
                role_session_name: 'xxxxxxx'
          public_registry: false
          platform: linux/arm64
          region: 'us-east-1'
          repo: 'xxxxxxx'
          tag: 'xxxxxxx-$CIRCLE_SHA1'

With 4.1.1, the "Log into Amazon ECR with profile default" step prints this and exits successfully:

Removing login credentials for xxxxxxx.dkr.ecr.us-east-1.amazonaws.com
WARNING! Your password will be stored unencrypted in /home/circleci/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

However, if I upgrade to 4.1.2, I get

Removing login credentials for xxxxxxx.dkr.ecr.us-east-1.amazonaws.com

An error occurred (AccessDeniedException) when calling the GetAuthorizationToken operation: User: arn:aws:iam::xxxxxxx:user/xxxxxxx is not authorized to perform: ecr:GetAuthorizationToken on resource: * because no identity-based policy allows the ecr:GetAuthorizationToken action
Error: Cannot perform an interactive login from a non TTY device

Exited with code exit status 1

and the build fails.

Expected behavior

Between versions of aws-cli, there should not have been a change in behavior.