Alexa is sending control requests from unpaired Gw id (previously paired). which throwing Forbidden exception as Cognito Iot Policy is attached to Paired Gateway.
Forbidden exception is seen when publishing the Control payload on IoT topic in the Alexa Control operations. In most of the cases GW Certificate is not attached to the Cognito Side Policy of GW, due to this GW unable to Publish on IoT Topic gets 403 - Forbidden error. User gets successfully unpaired with GW -1 and then gets paired GW-2. When he pairs with new GW, Cognito Side IoT policy will be attached. As in the Skill Logs, we found that control request comes from GW-1 (where Cognito Policy is detached) due to this, code returns a Forbidden Exception.