Trying to invoke an AWS Lambda from a GC Architect Data Action. Getting a 403 Access Denied on the AWS side. The IAM policy allows lambda:InvokeFunction for the specific ARN. The GC Data Action uses the aws.lambda.invoke action type.
The error payload from AWS is:
{"errorType": "AccessDeniedException", "errorMessage": "User: arn:aws:iam::123456789:role/gc-lambda-role is not authorized to perform: lambda:InvokeFunction"}
GC side logs show the request went out successfully. The role trust policy looks right. What am I missing? The Lambda is public? No, VPC only.