We’re hitting a wall trying to hit a Lambda function from an Architect Data Action. The setup looks right on the surface, but we keep getting a 403 Forbidden response back.
I’ve checked the Lambda permissions and the role attached to the Lambda execution role has the basic AWSLambdaBasicExecutionRole. I also added a policy to allow the CXone service principal, though I’m not 100% sure if that’s even the right approach for outbound calls from Architect.
Here is the Data Action JSON configuration we are using:
{
  "id": "my-lambda-action",
  "type": "web",
  "url": "https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789:function:my-handler/invocations",
  "method": "POST",
  "timeout": 5000,
  "headers": {
    "Content-Type": "application/json",
    "X-Amz-Target": "AWSLambda_2015_03_31.Invoke"
  },
  "body": "{\"name\": \"test\"}"
}
The error response from the Data Action is just a generic 403 with no helpful message body. I’ve verified the ARN is correct by copying it directly from the AWS console.
Is there a specific IAM policy statement required on the Lambda’s execution role to allow CXone to invoke it? Or do I need to configure the trust policy on the role instead? I’ve tried adding arn:aws:iam::role/cxone-execution-role to the trust policy but that seems wrong since CXone is external.
Any idea what I’m missing here?
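Added example, not part of the original post: the URL in the config above is the AWS Lambda Invoke API endpoint, which authenticates callers with AWS Signature Version 4 and rejects unsigned requests with 403. The sketch below builds a signed request and lists the headers the posted config does not send. Assumptions: the function name my-handler is used in the path instead of the full ARN, the credentials and timestamp are constructed placeholders, and long-term keys are used (no session token).

```python
import datetime
import hashlib
import hmac

# Headers from the Data Action JSON in the post.
POSTED_HEADERS = {"Content-Type": "application/json",
                  "X-Amz-Target": "AWSLambda_2015_03_31.Invoke"}

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_invoke(access_key, secret_key, region, function_name, body, now):
    """Return (url, headers) for a SigV4-signed Lambda Invoke POST."""
    host = f"lambda.{region}.amazonaws.com"
    path = f"/2015-03-31/functions/{function_name}/invocations"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/lambda/aws4_request"
    headers = {"content-type": "application/json", "host": host,
               "x-amz-date": amz_date}
    names = sorted(headers)
    signed = ";".join(names)
    # Canonical request: method, path, empty query string, headers, payload hash.
    canonical = "\n".join([
        "POST", path, "",
        "".join(f"{n}:{headers[n]}\n" for n in names),
        signed, hashlib.sha256(body.encode()).hexdigest()])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return f"https://{host}{path}", headers

def missing_from_posted(signed_headers):
    """Signed-request headers the posted config lacks (Host is set by the HTTP client)."""
    have = {k.lower() for k in POSTED_HEADERS}
    return sorted(k for k in signed_headers if k not in have and k != "host")

if __name__ == "__main__":
    # Constructed placeholder credentials and timestamp, not real values.
    url, hdrs = sign_invoke("AKIDEXAMPLE", "SECRETKEYEXAMPLE", "us-east-1", "my-handler",
                            '{"name": "test"}', datetime.datetime(2024, 1, 1, 12, 0, 0))
    print(url, missing_from_posted(hdrs), hdrs["authorization"], sep="\n")
```

The signature covers the timestamp and the body hash, so a static Authorization value pasted into a headers block stops matching as soon as either changes.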