We are wiring up a real-time queue analytics dashboard and need Genesys Cloud to push routing events directly into our AWS EventBridge bus. The integration setup through the admin UI looks standard, but the platform keeps rejecting the subscription creation. We’ve verified the IAM role attached to the target queue and confirmed the cross-account trust policy allows events:PutTargets. The PUT request to /api/v2/analytics/eventarchiving/eventbridge returns a 403 Forbidden with a generic invalid_request error.
Ran through the troubleshooting checklist already. Rotated the OAuth client credentials and confirmed the scope includes analytics:query:read. Checked the EventBridge bus ARN against the exact format documented in the integration guide. Switched the event types from routing.interaction.created to routing.queue.occupancy just to test basic throughput. Still hitting the same wall. The payload structure looks correct based on the Swagger spec:
{"eventBridgeArn": "arn:aws:events:us-west-2:123456789012:event-bus/genesys-queue-stream", "eventTypes": ["routing.queue.occupancy"], "enabled": true}
The response body just dumps {"type":"invalid_request","message":"Unable to validate EventBridge target permissions"}. We’ve confirmed the outbound IP allowlists aren’t blocking AWS endpoints. The admin UI shows the integration as FAILED with no detailed error log. Weird. The CloudWatch metrics show zero inbound requests from the Genesys IP ranges. Don’t think it’s a firewall issue. Dashboard refresh times are already slipping. Checking the CloudTrail logs next. The platform SDK documentation mentions a specific webhook validation callback, but EventBridge doesn’t use that handshake method. It’s supposed to be a direct ARN push. Maybe the tenant isn’t provisioned for the event archiving tier yet. Not sure how to verify that through the API.
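For the CloudTrail step mentioned at the end of the post, an added example (not part of the original post, and not Genesys or AWS code): it separates "the call reached the bus and was denied" from "no call arrived at all" in an exported CloudTrail file. The records, the second account ID, the IP address and the `requestParameters` keys used to match the bus are constructed assumptions; only the bus name and the first account ID come from the post.

```python
import json

# Bus name from the ARN in the post; every record below is a constructed sample.
BUS_NAME = "genesys-queue-stream"
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "events.amazonaws.com",
     "eventName": "DescribeEventBus", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"accountId": "123456789012"},
     "requestParameters": {"name": BUS_NAME}},
    {"eventTime": "2024-05-01T10:00:05Z", "eventSource": "events.amazonaws.com",
     "eventName": "PutTargets", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"accountId": "111111111111"},
     "errorCode": "AccessDenied",
     "errorMessage": "constructed: caller is not authorized",
     "requestParameters": {"eventBusName": BUS_NAME, "rule": "constructed-rule"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied",
     "userIdentity": {"accountId": "123456789012"}, "requestParameters": None},
]})

def triage(trail_json, bus_name):
    """Count EventBridge calls that name the bus and list the denied ones."""
    seen, denied = 0, []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != "events.amazonaws.com":
            continue
        params = rec.get("requestParameters") or {}  # can be null in a record
        # Assumption: the bus appears under "eventBusName" or "name",
        # either as a bare name or as a full ARN ending in "/<name>".
        names = [str(params.get(k, "")) for k in ("eventBusName", "name")]
        if not any(n == bus_name or n.endswith("/" + bus_name) for n in names):
            continue
        seen += 1
        code = rec.get("errorCode", "")
        if "AccessDenied" in code or "Unauthorized" in code:
            denied.append({
                "time": rec.get("eventTime"),
                "call": rec.get("eventName"),
                "account": (rec.get("userIdentity") or {}).get("accountId"),
                "source_ip": rec.get("sourceIPAddress"),
                "error": code,
            })
    return {"seen": seen, "denied": denied}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_TRAIL, BUS_NAME), indent=2))
```

A result of `seen: 0` is consistent with the zero inbound requests reported in CloudWatch and means the failure happened before any call reached the AWS account; a non-empty `denied` list gives the calling account and action to compare against the bus policy.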