Amazon Chat widget access error - 403 explicit deny

Hello,

We implemented Amazon Connect built-in Chat widget (security enabled) in one AWS account, everything works fine including serving JWT tokens, passing contact attributes etc.

We are now trying to implement similar configuration in a new account (new Connect instance). The Web Chat widget is giving us this error: {"code": 403, "msg": "User is not authorized to access this resource with an explicit deny"}

This error looks like coming from an API gateway to serve the widget frame code (once we click on the chat icon), but we have no control over the user or IAM policies as we are not using API directly and the built-in widget is making these calls. Not sure where to look, as we checked and rechecked everything (CORS domain settings, Snippet ID, Chat Widget etc.). The widget works fine once we turn-off security.

Any ideas? Thanks much.