- POST /api/v2/analytics/bulkdata/exports returning 403 Forbidden for S3 destination despite valid IAM role permissions
- Error payload indicates ‘AccessDenied: User: arn:aws:iam::123456789012:role/genesys-export-role is not authorized to perform: kms:Decrypt on resource’ even though the KMS key policy allows the role
- Environment is eu-west-1, using standard bulk export job configuration for legal hold compliance
- Need confirmation if Genesys Cloud service principal requires explicit trust relationship updates for KMS keys in this region