Permission denied problem when using Lambda Aliases

Hi,

I have been deploying and using AWS Lambda successfully. I introduced aliases to versions so that I could wire a dev and staging environment. Since then, everytime I use a specific version/alias I get permission issues.

Using the AWS Console, I can test my lambda. If I do so on $LATEST, then it works fine

{
  "statusCode": 200,
  "headers": {
...
  },
  "isBase64Encoded": false
}

If I go to Aliases tab, pick a version pointing to the latest deployed version, and I run the same event, I now get

{
  "errorMessage": "Class not found: com.foo.bar.lambda.MyLambda",
  "errorType": "java.lang.ClassNotFoundException"
}

This is a Java lambda. Looking at the logs in CloudWatch, I see

Caused by: java.io.FileNotFoundException: /var/task/com/foo/bar/lambda/MyLambda.class (Permission denied)
	at java.base/java.io.FileInputStream.open0(Native Method)
	at java.base/java.io.FileInputStream.open(Unknown Source)
	at java.base/java.io.FileInputStream.<init>(Unknown Source)
	at java.base/jdk.internal.loader.URLClassPath$FileLoader$1.getInputStream(Unknown Source)
	at java.base/jdk.internal.loader.Resource.cachedInputStream(Unknown Source)
	at java.base/jdk.internal.loader.Resource.getByteBuffer(Unknown Source)
	at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
	... 9 more

If you have any pointers because I have no idea why it would work with $LATEST but not with version 'prod' pointing to the same version.

Thanks in advance