I’m hitting a 403 error when calling a Lambda function from a CXone Architect Data Action. The IAM role attached to the Lambda has the lambda:InvokeFunction permission, and I’ve verified the trust policy allows the CXone service principal. The error response is straightforward, but it’s blocking the flow.
{
"code": 403,
"message": "User: arn:aws:sts::123456789012:assumed-role/cxone-lambda-role/lambda is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:us-east-1:123456789012:function:my-flow-handler"
}
The endpoint is https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/my-flow-handler/invocations. I’ve checked the region and function name multiple times. The role seems fine, but the invocation fails every time.