Architect Data Action to Lambda failing with 403 IAM error

I’ve spent hours trying to figure out why my Architect Data Action is returning a 403 Forbidden when invoking an AWS Lambda function.

I have configured the Lambda Invoke action in Genesys Cloud Architect. The function ARN is correct. The IAM role attached to the Genesys Cloud user (used for the OAuth token) has lambda:InvokeFunction permissions on the specific function.

Here is the Data Action JSON payload I am sending:

{
 "functionArn": "arn:aws:lambda:eu-central-1:123456789:function:om-validator",
 "payload": "{\"channel\": \"whatsapp\", \"status\": \"active\"}"
}

The response from the Genesys Cloud API is:

{
 "statusCode": 403,
 "error": "User: arn:aws:iam::123456789:user/gc-om-integration is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:eu-central-1:123456789:function:om-validator"
}

I am based in Europe/Berlin. The Lambda is in eu-central-1. I have verified the IAM Policy in AWS Console. It looks like this:

{
 "Effect": "Allow",
 "Action": "lambda:InvokeFunction",
 "Resource": "arn:aws:lambda:eu-central-1:123456789:function:om-validator"
}

Why is Genesys Cloud still getting a 403? Is there a specific VPC configuration or Endpoint setting I am missing for the Data Action? Please help.
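
Added example, not part of the original post and not Genesys Cloud or AWS code: a small Python triage that parses the 403 message quoted above and checks whether the posted policy statement matches the denied action and resource. The function names are hypothetical, and the inputs are the error text and statement from the post, embedded as sample data.

```python
import json
import re

# Sample data copied from the post; all function names below are hypothetical.
ERROR = ("User: arn:aws:iam::123456789:user/gc-om-integration is not authorized "
         "to perform: lambda:InvokeFunction on resource: "
         "arn:aws:lambda:eu-central-1:123456789:function:om-validator")
STATEMENT = json.loads("""{
  "Effect": "Allow",
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-central-1:123456789:function:om-validator"
}""")

DENIED = re.compile(r"User: (?P<principal>arn:aws[\w-]*:(?:iam|sts)::\d*:(?P<kind>[\w-]+)/\S+) "
                    r"is not authorized to perform: (?P<action>\S+) "
                    r"on resource: (?P<resource>\S+)")

def parse_access_denied(message):
    """Split an IAM AccessDenied message into principal, kind, action, resource."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError("not an IAM AccessDenied message")
    return m.groupdict()

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return [v] if isinstance(v, str) else list(v)

def statement_covers(stmt, action, resource):
    """True if an Allow statement's Action and Resource both match the request."""
    return (stmt.get("Effect") == "Allow"
            and any(_matches(a, action, ignore_case=True) for a in _as_list(stmt["Action"]))
            and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))

def triage(message, stmt):
    """Report who was denied and whether this statement would have covered the call."""
    req = parse_access_denied(message)
    req["statement_covers_request"] = statement_covers(stmt, req["action"], req["resource"])
    return req

if __name__ == "__main__":
    for key, value in triage(ERROR, STATEMENT).items():
        print(f"{key}: {value}")
```

When `statement_covers_request` is true and the call is still denied, the statement text itself matches the request; what remains to verify is that the statement is attached to the exact principal named in the error, and that no explicit Deny, permissions boundary or organization SCP applies to it.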