Architect Data Action Invoke Lambda returning 403 despite correct IAM policy

We’re trying to trigger a Lambda function from a Genesys Cloud Architect flow using the Invoke AWS Lambda data action. The integration is set up, but we keep hitting a 403 Forbidden error in the logs. We’ve verified the IAM role attached to the Lambda has the lambda:InvokeFunction permission and the Genesys integration role has lambda:InvokeFunction allowed in the resource policy, yet it still fails. Here’s the error payload we’re seeing in the Architect debug logs:

{
 "statusCode": 403,
 "message": "User: arn:aws:sts::123456789:assumed-role/genesys-integration-role/lambda-invoke is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:eu-west-2:123456789:function:my-function"
}

The region is eu-west-2 and the function ARN matches exactly. What am I missing in the IAM config?

Check the region. Architect data actions default to us-east-1, so if your Lambda lives elsewhere, the 403 is just AWS rejecting the cross-region call.
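An added example, not part of the original posts: the 403 names the calling role, the action and the resource ARN (region included) that AWS evaluated, so this sketch parses the quoted message and tests a constructed identity policy for that caller against it, once scoped to a us-east-1 ARN and once to the denied ARN. `parse_denial`, `evaluate` and `invoke_policy` are hypothetical helpers, the policies are constructed samples, and Condition, NotAction and NotResource are not evaluated.

```python
import re
from fnmatch import fnmatchcase

# Error message copied from the debug log quoted in the question.
MESSAGE = ("User: arn:aws:sts::123456789:assumed-role/genesys-integration-role/lambda-invoke "
           "is not authorized to perform: lambda:InvokeFunction on resource: "
           "arn:aws:lambda:eu-west-2:123456789:function:my-function")

DENIAL = re.compile(
    r"User: arn:aws:sts::(?P<account>\d+):assumed-role/(?P<role>[^/]+)/(?P<session>\S+) "
    r"is not authorized to perform: (?P<action>\S+) on resource: (?P<resource>\S+)")

def parse_denial(message):
    """Split an AccessDenied message into caller role, action, resource and region."""
    m = DENIAL.search(message)
    if m is None:
        raise ValueError("not an assumed-role AccessDenied message")
    info = m.groupdict()
    info["region"] = info["resource"].split(":")[3]  # arn:aws:lambda:<region>:...
    return info

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, action, resource):
    """Return 'explicit_deny', 'allow' or 'implicit_deny' for one identity policy.
    Simplified: Condition, NotAction and NotResource are not evaluated."""
    result = "implicit_deny"
    for stmt in _as_list(policy["Statement"]):
        # IAM action names are case-insensitive; resource ARNs are matched as written.
        hit = (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
               and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "explicit_deny"  # an explicit Deny overrides any Allow
        if hit:
            result = "allow"
    return result

def invoke_policy(function_arn):
    """Constructed identity policy for the calling role, scoped to one function ARN."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": function_arn}]}

if __name__ == "__main__":
    d = parse_denial(MESSAGE)
    print("caller role:", d["role"], "| region in denied ARN:", d["region"])
    for arn in ("arn:aws:lambda:us-east-1:123456789:function:my-function", d["resource"]):
        print(arn, "->", evaluate(invoke_policy(arn), d["action"], d["resource"]))
```

To check a real setup, replace the constructed policy with the JSON of the policies attached to the role named in the message.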