We’re hitting a wall trying to call an AWS Lambda function from a Genesys Cloud Data Action. The setup is standard: the Data Action uses an HTTP POST to the Lambda invoke URL. The issue is a persistent 403 Forbidden error from AWS, even though we’ve double-checked the IAM role attached to the Data Action.
Here’s the IAM policy we attached to the role gc-data-action-lambda-role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "lambda:InvokeFunction",
      "Resource": "arn:aws:lambda:us-east-1:123456789012:function:my-routing-lambda"
    }
  ]
}
The Data Action configuration points to this role. When we test it in Architect, the response payload from Genesys is just {"error": "Internal Server Error"}. Checking the CloudWatch logs for the Lambda, we see nothing: the request never reaches the handler.
We’ve verified the Lambda function name and region. We’re using the OpenTelemetry SDK to trace the initial request from our internal service to Genesys, and that part works fine. The span ends at the Data Action execution.
Is there a specific trust relationship required for the role that Genesys assumes? Or are we missing a permission on the Lambda resource policy side? We’ve tried adding lambda:InvokeAsync but that didn’t help. Any ideas on what’s blocking the invoke?
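Added example, not part of the original post and not Genesys or AWS code: an offline check of the two policy documents the question asks about, the role's trust policy and its permission policy. The trust policy, the caller account ID 111111111111 and the external ID EXAMPLE-ORG-ID are constructed placeholders, and the function names are hypothetical.

```python
import fnmatch

FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:my-routing-lambda"
# Permission policy from the post.
PERMISSION_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}]}
# Constructed trust policy: the account ID and external ID are placeholders.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
     "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-ORG-ID"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def trust_findings(trust, caller_account, external_id):
    """Return problems with the role's trust policy; an empty list means
    caller_account may assume the role when it presents external_id."""
    for st in _as_list(trust.get("Statement", [])):
        principal = st.get("Principal", {})
        trusted = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(st.get("Action", [])):
            continue
        if not any(p == caller_account or p.startswith(f"arn:aws:iam::{caller_account}:")
                   for p in trusted):
            continue
        pinned = st.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if pinned is None:
            return ["caller is trusted without an sts:ExternalId condition"]
        if external_id not in _as_list(pinned):
            return ["sts:ExternalId condition does not match the caller's value"]
        return []
    return [f"no Allow statement lets account {caller_account} call sts:AssumeRole"]

def allows_invoke(policy, function_arn):
    """True if an Allow statement covers lambda:InvokeFunction on function_arn.
    Deny statements and policy conditions are not evaluated here."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        resources = _as_list(st.get("Resource", []))
        if any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions) and \
           any(fnmatch.fnmatchcase(function_arn, r) for r in resources):
            return True
    return False
```

With the post's policy, allows_invoke returns True for the unqualified function ARN and False for the same ARN with an alias or version suffix, so it matters which form the caller actually invokes.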