The user may not have the appropriate AWS permissions to carry out the action in the policy.

When setting up a policy to follow the authorizer workflow, meaning it is not a fully automatic action, the Authorizer is sent to AWS to retrieve their secure access token.  This token is a representation for the platform to perform the action on behalf of that user.  CloudHealth is not using the platform IAM policy to perform the action, the user's IAM policy is used.  In other words, if an action in a policy is configured for an authorizer to accept an action but that user account within AWS doesn't have access to the infrastructure the action is based on, the policy will not work as expected.

The On/Off button for actions in the setup does not have any function other then editing the generated policy to include the necessary permissions to accomplish the action automatically via the platform.