They created services via the TF provider, but those services were removed from the UI unbeknownst to them.
When they tried to sync their configuration, they began receiving the error
Error: GET API call to {service URL} failed 403 Forbidden. Code: 0, Errors: , Message: Forbidden
The TF provider was still trying to get those services but received a 403 because you cannot update a non-existing object.
Hotfix in response of: