Having some issues getting my configuration to work… the data action in architect for bulk exporting digital channel recordings to s3 is timing out. we use version 2.4 of the sdk. the job starts but fails at the metadata sync step with a 403 forbidden error. the s3 bucket policy allows the genesys cloud service principal, but the audit trail shows permission denied on the specific object key. any ideas why the chain of custody metadata is being rejected?
This looks like a scope mismatch in the OAuth token used for the S3 connection. The service principal might have bucket-level read access but lacks the s3:PutObject permission required for the metadata sync step.
Verify the IAM policy explicitly grants write permissions on the specific key prefix. Also, check if the bucket policy denies requests without SigV4 signatures, which often causes 403s during export jobs.