Architect Data Action 403 on Lambda Invoke: IAM Role Config Issue

I’ve set up an Architect Data Action to call a Lambda function for real-time adherence checks. The flow works in test mode but fails in production with a 403 Forbidden. Here is the error payload from the debug log:

{"errorMessage": "User: arn:aws:sts::123456789:assumed-role/LambdaExecRole/i-0123456 is not authorized to perform: lambda:InvokeFunction"}

The role has the AWSLambdaBasicExecutionRole policy attached. Do I need a custom trust policy for the Architect service principal? Or is the ARN format wrong in the Data Action config?
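The error message names the calling principal and the denied action. The following is an added example, not part of the original post: it extracts both from the quoted payload and tests the action against the statements of the AWS managed policy AWSLambdaBasicExecutionRole, which cover CloudWatch Logs only. The evaluator is a simplified identity-policy check (Action matching only, no Resource or Condition logic), and `INVOKE_POLICY` with its placeholder ARN is constructed for comparison.

```python
import fnmatch
import json
import re

# Error payload as quoted in the post above.
ERROR_PAYLOAD = ('{"errorMessage": "User: arn:aws:sts::123456789:assumed-role/'
                 'LambdaExecRole/i-0123456 is not authorized to perform: lambda:InvokeFunction"}')

# Statements of the AWS managed policy AWSLambdaBasicExecutionRole (log writing only).
BASIC_EXECUTION_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
    "Resource": "*"}]}

# Constructed comparison policy; the function ARN is a placeholder, not from the post.
INVOKE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:REGION:ACCOUNT_ID:function:FUNCTION_NAME"}]}

DENIED = re.compile(
    r"User: (?P<principal>arn:aws:sts::\d+:assumed-role/(?P<role>[^/]+)/(?P<session>\S+))"
    r" is not authorized to perform: (?P<action>[\w-]+:\w+)")

def parse_denial(payload):
    """Return principal, role, session and action from an IAM denial message."""
    match = DENIED.search(json.loads(payload)["errorMessage"])
    if match is None:
        raise ValueError("not an IAM authorization failure message")
    return match.groupdict()

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action):
    """Simplified check: an explicit Deny wins, otherwise any matching Allow."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt.get("Action", []))
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        hit = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

if __name__ == "__main__":
    denial = parse_denial(ERROR_PAYLOAD)
    print(denial["role"], denial["action"],
          allows(BASIC_EXECUTION_POLICY, denial["action"]))
```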