- fix: access denied when the request is not coming from a role listed in `principalArn` and also from `sourceArn`