Pushing a Data Action to invoke an AWS Lambda from Genesys Architect. Getting a 403 Access Denied immediately. The IAM role has the lambda:InvokeFunction permission attached, but the trust policy only allows roles.iam.aws.com to assume it. Does the Genesys service principal need to be explicitly added to the trust policy JSON? Here is the current policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::123456789012:root" },
      "Action": "sts:AssumeRole"
    }
  ]
}
Changing the principal to the specific Genesys ARN breaks the console access. What’s the correct trust setup?