Could someone explain why my Architect data action is consistently returning a 403 Forbidden error when trying to invoke an AWS Lambda function? I’ve spent the last two days debugging this and it’s driving me up the wall. I’m using the Python SDK to manage the initial setup, but the actual invocation happens via the Architect UI. Here’s the JSON payload I’m sending from the data action:
{
  "endpoint": "https://lambda.us-east-1.amazonaws.com/2015-03-31/functions/my-gc-integration-lambda/invocations",
  "method": "POST",
  "headers": {
    "content-type": "application/json",
    "x-amz-security-token": "${aws.session.token}"
  },
  "body": {
    "queueId": "${interaction.queueId}",
    "participantId": "${interaction.participantId}"
  }
}
The Lambda function itself works fine when I test it manually in the AWS console. I’ve attached an execution role to the Lambda with basic permissions, but I suspect the issue is with how Architect is authenticating the request. I’m generating the AWS signature in a previous data action using a Python snippet, but I’m not sure if the signature is expiring too quickly or if the header format is wrong. The error response from Lambda is just "message": "User: anonymous is not authorized to perform: lambda:InvokeFunction". This suggests the signature isn’t being applied correctly.

I’ve tried switching to using the AWS SDK in a microflow to generate the presigned URL, but Architect doesn’t seem to like the extra headers. Is there a specific way to handle the x-amz-date header in Architect data actions? I feel like I’m missing something obvious about the Signature Version 4 process. Also, is it even possible to use the AWS SDK directly in Architect without going through a Lambda intermediary? I’d rather not maintain a separate Flask app just to proxy these calls.

Any help would be appreciated. I’m on the West Coast time zone, so I can’t stay up all night waiting for replies. Thanks.
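For reference on the Signature Version 4 process asked about above, the following is an added example and not part of the original post: it computes the full header set a signed Lambda Invoke request carries, where the signature travels in an `Authorization` header bound to `x-amz-date`, the session token and the exact body bytes. The function name `sign_lambda_invoke`, the credentials and the timestamp are constructed for illustration; the Lambda name and region are the ones in the post's endpoint.

```python
import datetime, hashlib, hmac, json

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_lambda_invoke(function, region, body, access_key, secret_key, token, now):
    """Return (headers, payload) for a SigV4-signed Lambda Invoke POST."""
    host = f"lambda.{region}.amazonaws.com"
    path = f"/2015-03-31/functions/{function}/invocations"  # assumes no chars needing URI-encoding
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    payload = json.dumps(body, separators=(",", ":"))  # these exact bytes must be sent
    headers = {
        "content-type": "application/json",
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-security-token": token,  # temporary credentials only
    }
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "POST", path, "",  # empty canonical query string
        "".join(f"{k}:{headers[k]}\n" for k in sorted(headers)),
        signed,
        hashlib.sha256(payload.encode()).hexdigest(),
    ])
    scope = f"{date}/{region}/lambda/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()  # signing key is derived per day/region/service
    for part in (date, region, "lambda", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed}, Signature={signature}")
    return headers, payload

# Constructed sample values, not real credentials or interaction IDs.
SAMPLE_NOW = datetime.datetime(2024, 1, 1, 12, 0, 0, tzinfo=datetime.timezone.utc)
SAMPLE_BODY = {"queueId": "q-constructed", "participantId": "p-constructed"}

def demo(body=SAMPLE_BODY):
    return sign_lambda_invoke("my-gc-integration-lambda", "us-east-1", body,
                              "ASIAEXAMPLEKEYID", "constructed-secret",
                              "constructed-session-token", SAMPLE_NOW)

if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

A request that reaches Lambda without the `authorization` header is evaluated as an unauthenticated caller, and any change to the body or signed headers after signing invalidates the signature.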