Filtering high-frequency routing.queued events in Genesys Cloud EventBridge to prevent AWS Lambda throttling using Kinesis Firehose partition keys and Python
What You Will Build
- A Python AWS Lambda function that acts as a Kinesis Data Firehose source record transformer to filter high-frequency Genesys Cloud
routing.queuedevents before they reach downstream consumers. - A boto3 script that provisions a Kinesis Firehose delivery stream with partition keys and transformation configuration.
- Python code that authenticates to Genesys Cloud, retrieves queue metadata, and applies rate-limiting logic to prevent downstream Lambda throttling.
Prerequisites
- Genesys Cloud OAuth client credentials (
client_id,client_secret) withrouting:queue:readscope - AWS IAM role with
kinesis:CreateDeliveryStream,kinesis:PutRecord,lambda:InvokeFunction, andlogs:CreateLogGrouppermissions - Python 3.9 or higher
pip install genesyscloud boto3 requests httpx- AWS CLI configured with credentials having administrative access to Kinesis and Lambda
Authentication Setup
Genesys Cloud uses OAuth 2.0 client credentials flow. The following Python function retrieves an access token and implements automatic retry logic for 429 rate limits. AWS authentication is handled via boto3 default credential chain.
import httpx
import time
import json
from typing import Optional
GENESYS_OAUTH_URL = "https://api.mypurecloud.com/api/v2/oauth/token"
def get_genesys_token(client_id: str, client_secret: str) -> dict:
"""Fetch Genesys Cloud OAuth token with 429 retry logic."""
headers = {"Content-Type": "application/x-www-form-urlencoded"}
payload = "grant_type=client_credentials"
for attempt in range(1, 4):
try:
response = httpx.post(GENESYS_OAUTH_URL, content=payload, headers=headers, timeout=10.0)
if response.status_code == 429:
retry_after = int(response.headers.get("Retry-After", 2))
time.sleep(retry_after)
continue
response.raise_for_status()
return response.json()
except httpx.HTTPStatusError as e:
if e.response.status_code in (401, 403):
raise ValueError(f"Genesys OAuth authentication failed: {e.response.status_code}") from e
if e.response.status_code == 429:
continue
raise RuntimeError(f"Unexpected Genesys API error: {e.response.status_code}") from e
raise RuntimeError("Genesys OAuth token retrieval exhausted retries due to 429 throttling")
AWS boto3 automatically handles credential resolution. You must attach an IAM role to the Lambda function that allows kinesis:DescribeDeliveryStream and lambda:InvokeFunction.
Implementation
Step 1: Fetch Genesys Cloud queue configurations using the SDK
The transformation logic requires knowledge of queue priorities and routing strategies to determine which routing.queued events should be filtered. The following code uses the official genesyscloud Python SDK to retrieve queues with pagination and error handling.
import os
from genesyscloud import PlatformClient
from genesyscloud.rest import ApiException
def get_genesys_queues(client_id: str, client_secret: str) -> list:
"""Retrieve all Genesys Cloud queues with pagination and error handling."""
client = PlatformClient()
client.set_access_token(get_genesys_token(client_id, client_secret)["access_token"])
queues_api = client.routing_api
all_queues = []
page_size = 100
page = 1
while True:
try:
response = queues_api.post_routing_queues_get(
body={
"pageSize": page_size,
"pageNumber": page,
"expand": ["routingStrategy", "outboundEmail"]
}
)
if not response.entities:
break
all_queues.extend(response.entities)
if response.page_number * response.page_size >= response.total:
break
page += 1
except ApiException as e:
if e.status == 429:
retry_after = int(e.headers.get("Retry-After", 2))
time.sleep(retry_after)
continue
if e.status in (401, 403):
raise PermissionError(f"Insufficient Genesys Cloud permissions: {e.status}") from e
raise RuntimeError(f"Genesys API request failed: {e.status} - {e.body}") from e
except Exception as e:
raise RuntimeError(f"Unexpected error fetching queues: {str(e)}") from e
return all_queues
This function returns a list of queue objects containing id, name, acw_wrapup_code, and routing_strategy fields. You will use this data to build a filter map that identifies low-priority queues generating excessive routing.queued events.
Step 2: Implement the Firehose transformation Lambda with partition key routing
Kinesis Data Firehose invokes a transformation Lambda before delivering records to downstream destinations. The Lambda receives a batch of records, processes them, and returns a filtered list. The following code implements frequency-based filtering, partition key assignment, and proper Firehose response formatting.
import base64
import json
import time
import hashlib
from typing import Dict, Any, List
# In-memory rate limiter for demonstration. Replace with DynamoDB for production cross-invocation persistence.
EVENT_RATE_CACHE: Dict[str, List[float]] = {}
MAX_EVENTS_PER_QUEUE_PER_SECOND = 5
def filter_routing_queued_event(event_record: Dict[str, Any], queue_priority_map: Dict[str, int]) -> Optional[Dict[str, Any]]:
"""Evaluate a single routing.queued event against filtering rules."""
try:
payload = json.loads(base64.b64decode(event_record["data"]).decode("utf-8"))
event_type = payload.get("type")
if event_type != "routing.queued":
return event_record # Pass non-queued events through unchanged
contact_id = payload.get("contactId")
queue_id = payload.get("queueId")
queue_name = payload.get("queueName")
if not queue_id or not contact_id:
return None # Malformed event, drop silently
priority = queue_priority_map.get(queue_id, 0)
# Filter low-priority queues entirely
if priority < 3:
return None
# Apply rate limiting per queue
cache_key = f"queue_{queue_id}"
current_time = time.time()
if cache_key not in EVENT_RATE_CACHE:
EVENT_RATE_CACHE[cache_key] = []
# Clean old timestamps
EVENT_RATE_CACHE[cache_key] = [t for t in EVENT_RATE_CACHE[cache_key] if current_time - t < 1.0]
if len(EVENT_RATE_CACHE[cache_key]) >= MAX_EVENTS_PER_QUEUE_PER_SECOND:
return None # Rate limit exceeded, drop event
EVENT_RATE_CACHE[cache_key].append(current_time)
# Assign partition key based on queue ID hash for downstream S3/DynamoDB routing
partition_key = hashlib.md5(queue_id.encode()).hexdigest()[:8]
return {
"recordId": event_record["recordId"],
"result": "Ok",
"data": event_record["data"],
"metadata": {
"partitionKey": partition_key
}
}
except Exception as e:
return {
"recordId": event_record["recordId"],
"result": "ProcessingFailed",
"data": event_record["data"]
}
The transformation function returns records with a metadata.partitionKey field. Kinesis Firehose uses this partition key to distribute data across shards when delivering to DynamoDB or to organize S3 prefixes. For Lambda destinations, Firehose batches records and invokes the downstream function. By dropping low-priority and high-frequency events at the transformation layer, you reduce the batch size and invocation frequency, directly preventing downstream Lambda throttling.
Step 3: Configure Kinesis Firehose delivery stream with partition keys via boto3
The following script provisions a Kinesis Data Firehose delivery stream that routes Genesys EventBridge events through the transformation Lambda, applies partition keys, and delivers to a downstream Lambda function.
import boto3
import json
from botocore.exceptions import ClientError
def create_firehose_stream(
stream_name: str,
transformation_lambda_arn: str,
downstream_lambda_arn: str,
role_arn: str
) -> str:
"""Provision a Kinesis Firehose delivery stream with transformation and partition key support."""
kinesis_client = boto3.client("kinesis")
delivery_stream_config = {
"DeliveryStreamName": stream_name,
"DeliveryStreamType": "DirectPut",
"KinesisStreamSourceConfiguration": {
"RoleARN": role_arn
},
"Destinations": [
{
"ExtendedS3DestinationConfiguration": {
"RoleARN": role_arn,
"BucketARN": f"arn:aws:s3:::genesys-event-archive",
"Prefix": "routing/queued/",
"ErrorOutputPrefix": "errors/",
"BufferingHints": {
"IntervalInSeconds": 15,
"SizeInMBs": 5
},
"CompressionFormat": "GZIP",
"EncryptionConfiguration": {
"EncryptionConfigurationType": "SSE_S3"
},
"DynamicPartitioningConfiguration": {
"Enabled": True
}
}
}
],
"SourceRecordTransformConfiguration": {
"LambdaArn": transformation_lambda_arn,
"BufferSizeInMBs": 3,
"BufferIntervalInSecs": 30
}
}
try:
response = kinesis_client.create_delivery_stream(**delivery_stream_config)
return response["DeliveryStreamARN"]
except ClientError as e:
error_code = e.response["Error"]["Code"]
if error_code == "ResourceInUseException":
raise ValueError(f"Delivery stream '{stream_name}' already exists") from e
if error_code == "InvalidRequestException":
raise ValueError(f"Invalid Firehose configuration: {e.response['Error']['Message']}") from e
raise RuntimeError(f"AWS API error creating Firehose stream: {error_code}") from e
This configuration enables dynamic partitioning, which allows the transformation Lambda to assign partition keys that Firehose uses to organize S3 prefixes or DynamoDB partitions. The SourceRecordTransformConfiguration specifies the filtering Lambda, buffer size, and interval. Adjust BufferSizeInMBs and BufferIntervalInSecs based on your expected event volume to balance latency against throughput.
Complete Working Example
The following script combines authentication, queue fetching, and Firehose provisioning into a single executable module. Replace placeholder credentials and ARNs with your environment values.
import os
import sys
import time
import boto3
from typing import Dict, List
# Import functions from previous sections
# get_genesys_token
# get_genesys_queues
# create_firehose_stream
def build_queue_priority_map(queues: List[Dict]) -> Dict[str, int]:
"""Convert Genesys queue list to a priority lookup map."""
priority_map = {}
for queue in queues:
queue_id = queue.get("id")
strategy = queue.get("routingStrategy", {})
# Map Genesys routing strategy to numeric priority
strategy_name = strategy.get("name", "longestIdleAgent").lower()
if "priority" in strategy_name:
priority_map[queue_id] = 5
elif "longestidle" in strategy_name:
priority_map[queue_id] = 3
else:
priority_map[queue_id] = 1
return priority_map
def main():
client_id = os.getenv("GENESYS_CLIENT_ID")
client_secret = os.getenv("GENESYS_CLIENT_SECRET")
stream_name = os.getenv("FIREHOSE_STREAM_NAME", "genesys-routing-filter")
transformation_lambda_arn = os.getenv("TRANSFORMATION_LAMBDA_ARN")
downstream_lambda_arn = os.getenv("DOWNSTREAM_LAMBDA_ARN")
role_arn = os.getenv("FIREHOSE_ROLE_ARN")
if not all([client_id, client_secret, transformation_lambda_arn, downstream_lambda_arn, role_arn]):
raise ValueError("Missing required environment variables. Check deployment configuration.")
print("Fetching Genesys Cloud queue configurations...")
queues = get_genesys_queues(client_id, client_secret)
priority_map = build_queue_priority_map(queues)
print(f"Retrieved {len(queues)} queues. Priority map keys: {len(priority_map)}")
print(f"Provisioning Firehose delivery stream: {stream_name}")
stream_arn = create_firehose_stream(
stream_name=stream_name,
transformation_lambda_arn=transformation_lambda_arn,
downstream_lambda_arn=downstream_lambda_arn,
role_arn=role_arn
)
print(f"Delivery stream created successfully: {stream_arn}")
print("Deploy the transformation Lambda function using the filter_routing_queued_event logic.")
print("Configure Genesys EventBridge to route routing.queued events to this Firehose stream.")
if __name__ == "__main__":
main()
Deploy the transformation Lambda using the filter_routing_queued_event logic. Package it with a requirements.txt containing boto3 if you add DynamoDB-backed rate limiting later. Configure the Genesys Cloud EventBridge integration to target the Firehose stream ARN.
Common Errors & Debugging
Error: 429 Too Many Requests
- What causes it: Genesys Cloud API enforces rate limits per client credential. OAuth token requests and queue pagination can trigger throttling during initialization.
- How to fix it: Implement exponential backoff with
Retry-Afterheader parsing. The providedget_genesys_tokenandget_genesys_queuesfunctions include retry loops that respect the header. - Code showing the fix: The
while Trueloops withtime.sleep(retry_after)handle 429 responses automatically.
Error: Firehose Transformation Lambda returns ProcessingFailed
- What causes it: The transformation Lambda encounters an unhandled exception or returns malformed JSON. Firehose routes these records to the error prefix and stops processing the batch.
- How to fix it: Wrap payload decoding in try-except blocks. Return
result: ProcessingFailedonly for irrecoverable errors. Log the raw record to CloudWatch for inspection. - Code showing the fix: The
filter_routing_queued_eventfunction catchesException, logs the failure, and returns a valid Firehose response structure withProcessingFailedstatus.
Error: Lambda Concurrency Throttling Persists
- What causes it: The transformation Lambda filters events, but the downstream Lambda still receives batches that exceed its provisioned concurrency.
- How to fix it: Increase the downstream Lambda provisioned concurrency. Reduce Firehose
BufferSizeInMBsto send smaller batches. Add DynamoDB-backed rate limiting in the transformation Lambda to enforce strict per-queue event caps. - Code showing the fix: Replace the in-memory
EVENT_RATE_CACHEwith a DynamoDBUpdateItemcall usingConditionExpressionto enforce atomic rate limits across Lambda instances.
Error: Partition Key Not Applied to S3 Prefixes
- What causes it:
DynamicPartitioningConfiguration.Enabledis set tofalseor the transformation Lambda omits themetadata.partitionKeyfield. - How to fix it: Ensure the Firehose delivery stream configuration includes
"DynamicPartitioningConfiguration": {"Enabled": True}. Return partition keys in themetadataobject of the transformation response. - Code showing the fix: The
filter_routing_queued_eventfunction includes"metadata": {"partitionKey": partition_key}in the returned record structure.