BYOC S3 Bucket Policy Denying Genesys Cloud Write Access for Digital Channel Exports

Does anyone understand why the bulk export job fails with an Access Denied error when targeting a BYOC S3 bucket in the EU-West region? We are migrating our recording storage to a customer-managed bucket for legal discovery compliance. The service account used by Genesys Cloud has the correct IAM permissions attached, and the bucket policy explicitly allows s3:PutObject from the Genesys Cloud trust policy ARN.

The issue only appears for Digital Channel interactions (Chat and Email). Voice recordings export correctly to the same bucket. The export job status changes to FAILED after 30 seconds.

AWS Error Code: AccessDenied
Message: Access Denied
Request ID: ABC123XYZ
Host ID: host-eu-west-1-…

We have verified the S3 bucket region matches the Genesys Cloud tenant region. The network connectivity via VPC Endpoint is confirmed. Is there a specific scope required for digital channel metadata writes that differs from voice? We are using the POST /api/v2/recording/bulk endpoint with the destination object pointing to the S3 path. Any insights into the permission gap would be appreciated.

Take a look at the Performance dashboard metrics for queue activity before committing to the API logic. The suggestion above regarding IAM permissions is technically accurate, but the root cause often lies in the bucket policy’s principal definition.

"Principal": { "AWS": "arn:aws:iam::GENESYS_CLOUD_ACCOUNT_ID:role/GENESYS_CLOUD_ROLE" }

Ensure the ARN matches the specific region’s service role, not just the generic one.
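
Added example, not part of the original posts and not Genesys Cloud or AWS code: a simplified offline check of whether a bucket policy grants s3:PutObject to the exact role ARN that performs the write, which is the principal mismatch the reply describes. The account ID, role names, bucket name and object key are constructed placeholders, and the check ignores Condition, NotPrincipal and identity-side policies.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(principal, caller_arn):
    # Bucket-policy principals are compared as exact ARNs or "*".
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    aws = _as_list(principal.get("AWS", []))
    return "*" in aws or caller_arn in aws

def evaluate_put(policy, caller_arn, bucket, key):
    """Return (decision, Sid) for s3:PutObject; an explicit Deny always wins."""
    resource = f"arn:aws:s3:::{bucket}/{key}"
    result = ("NoMatch", None)  # implicit deny, which surfaces as AccessDenied
    for stmt in _as_list(policy.get("Statement", [])):
        if not _principal_matches(stmt.get("Principal"), caller_arn):
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("s3:putobject", a) for a in actions):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(stmt.get("Resource", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return ("Deny", stmt.get("Sid"))
        if stmt.get("Effect") == "Allow" and result[0] == "NoMatch":
            result = ("Allow", stmt.get("Sid"))
    return result

# Constructed sample values: account ID, role names and bucket are placeholders.
GENERIC_ROLE = "arn:aws:iam::111122223333:role/example-export-role"
REGIONAL_ROLE = "arn:aws:iam::111122223333:role/example-export-role-eu-west-1"
BUCKET = "example-byoc-bucket"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowExportWrite",
        "Effect": "Allow",
        "Principal": {"AWS": GENERIC_ROLE},
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
}

if __name__ == "__main__":
    for arn in (GENERIC_ROLE, REGIONAL_ROLE):
        print(arn, evaluate_put(POLICY, arn, BUCKET, "exports/sample.json"))
```

A policy that names only the generic role returns NoMatch for the regional role, so the write is implicitly denied even though an Allow statement for s3:PutObject exists.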