I’m trying to invoke an AWS Lambda function from a Genesys Cloud Architect flow using a Data Action. The goal is to push some call data to a custom handler. I’ve set up the IAM role with the trust policy allowing genesyscloud.com, but the Data Action consistently returns a 403 Forbidden error.
Here is the JSON payload I’m sending in the Data Action request:
{
  "arn": "arn:aws:lambda:us-east-1:123456789:function:my-genesis-handler",
  "payload": {
    "queueId": "12345",
    "agentEmail": "test@example.com"
  }
}
The IAM policy attached to the role looks correct:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789:function:my-genesis-handler"
    }
  ]
}
The trust policy also seems right, allowing sts:AssumeRole from the Genesys principal. I’ve verified the Lambda function is public enough for the invocation. Is there a specific header or authentication token I need to pass in the Data Action configuration that I’m missing? The error log just says Access Denied without more detail.