BYOC S3 Export Failing with 403 on Legal Hold Metadata

Trying to make sense of why the bulk export job for digital channel interactions under legal hold is failing when pushing to our private AWS S3 bucket in the Europe/London region. The job completes successfully for standard recordings, but the metadata payload required for chain of custody is returning HTTP 403 Forbidden.

Environment details:

  • endpoint: /api/v2/analytics/bulk-data/export-jobs
  • scope: chat and web messenger
  • view: full
  • integration: BYOC S3 bucket with KMS encryption

The request payload specifies the correct bucket ARN and region. Standard export jobs without legal hold flags work fine. The error occurs specifically when the system attempts to attach the audit trail metadata to the object key. We have verified the IAM role permissions for the S3 bucket allow put and get operations.

Is there a specific permission scope missing for the legal hold metadata generation step? Or is this a known issue with KMS-encrypted buckets in the London region? We need this data for an active discovery request, so any insight would be helpful.