Data Action calling AWS Lambda returns 403 on InvokeAsync despite trust policy

Step one: the Architect flow needs to offload some heavy contact attribute parsing to an AWS Lambda function without blocking the queue. We’re wiring it up through a Data Action configured as a POST to the Invoke endpoint. The JSON payload going out looks like {"FunctionName": "arn:aws:lambda:eu-west-2:123456789:function:contact-parser", "InvocationType": "Event", "Payload": "{\"contactId\": \"c123\"}"}. The HTTP node keeps throwing a 403 Forbidden before anything hits CloudWatch. I’ve been tracing the request headers and nothing jumps out. The Data Action runs fine in test mode with InvocationType: RequestResponse, but switching to async breaks it immediately. IAM permissions look fine on the function side, but the execution role trust policy might be rejecting the outbound request. The ARN matches the console exactly. Still digging through the policy statements.
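
Added example, not part of the original post: a simplified evaluator for going through policy statements, showing which statement (if any) allows lambda:InvokeFunction, the IAM action behind the Invoke API for both RequestResponse and Event, and the separate lambda:InvokeAsync action on the function ARN. The sample policy and its Sid are constructed; the evaluator ignores Condition, NotAction, NotResource and principals.

```python
from fnmatch import fnmatchcase

# Function ARN as quoted in the post; the policy below is a constructed sample.
FUNCTION_ARN = "arn:aws:lambda:eu-west-2:123456789:function:contact-parser"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowInvoke", "Effect": "Allow",
         "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
    ],
}


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    action_ok = any(fnmatchcase(action.lower(), a.lower())
                    for a in _as_list(stmt.get("Action", [])))
    resource_ok = any(fnmatchcase(resource, r)
                      for r in _as_list(stmt.get("Resource", [])))
    return action_ok and resource_ok


def evaluate(policy, action, resource):
    """Return (decision, sid): explicit Deny wins, then Allow, else implicit deny."""
    allowed_by = None
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny", stmt.get("Sid")
        allowed_by = allowed_by or stmt.get("Sid", "<no Sid>")
    return ("Allow", allowed_by) if allowed_by else ("ImplicitDeny", None)


if __name__ == "__main__":
    for action in ("lambda:InvokeFunction", "lambda:InvokeAsync"):
        print(action, evaluate(SAMPLE_POLICY, action, FUNCTION_ARN))
    # A qualified ARN (alias or version) does not match the unqualified resource.
    print(evaluate(SAMPLE_POLICY, "lambda:InvokeFunction", FUNCTION_ARN + ":prod"))
```

Paste the JSON of the policy attached to the identity that signs the request in place of SAMPLE_POLICY to see which statement each action lands on.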