We’re trying to call a Lambda function from a Genesys Cloud Architect flow using the external data action type. The goal is to pass some interaction metadata to our backend for processing before routing the call.
I’ve configured the IAM role for the Lambda with the lambda:InvokeFunction permission and attached it to the function. The trust policy includes the Genesys Cloud service principal. Here’s the JSON payload we’re sending from the data action:
{
  "method": "POST",
  "url": "https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789:function:my-function/invocations",
  "body": {
    "interactionId": "{contact.id}",
    "queueId": "{contact.queue.id}"
  }
}
The response comes back as a 403 Forbidden. The error message says: User: anonymous is not authorized to perform: lambda:InvokeFunction on resource: ....
We’ve checked the IAM policy and it looks correct. We’ve also verified the endpoint URL is correct for the region. Has anyone seen this issue before? Is there something specific about how Genesys Cloud authenticates these calls that we’re missing?