Ran into a weird issue today with the bulk export Data Action for a legal hold request. The job triggers successfully in Genesys Cloud, but the subsequent S3 PutObject operation fails with a 403 Forbidden error, even though the IAM role has explicit s3:PutObject permissions on the target bucket.
Background
- Environment: Genesys Cloud EU-WEST-1
- Target: AWS S3 Bucket in US-EAST-1
- SDK: Genesys Cloud Node SDK v4.2.1
Issue
The Data Action completes the recording retrieval but aborts during the upload phase. The error log shows:
Error: Access Denied (Service: S3, Status Code: 403)
Troubleshooting
- Verified IAM policy grants
s3:PutObjectands3:GetBucketLocation. - Confirmed the bucket policy allows access from the Genesys Cloud IP ranges.
- Tested manual S3 upload from the same EC2 instance hosting the lambda; it works fine.
- The issue seems isolated to the Genesys Cloud Data Action invocation context.