Here is the Data Action config I’m using in the Architect flow:
{
  "name": "CallLambda",
  "type": "invokeLambda",
  "configuration": {
    "arn": "arn:aws:lambda:eu-west-1:123456789012:function:GenesysCallback",
    "payload": {
      "contactId": "{{contact.contactId}}"
    }
  }
}
The flow executes but returns a 403 Forbidden error. The IAM role attached to the Lambda function has lambda:InvokeFunction permissions. I’ve checked the trust policy and it allows lambda.amazonaws.com to assume the role.
Genesys Cloud documentation says the platform uses a specific execution role to invoke the function. I’ve added the Genesys Cloud account ID to the resource-based policy on the Lambda function as well:
{
  "Effect": "Allow",
  "Principal": {
    "AWS": "arn:aws:iam::987654321098:root"
  },
  "Action": "lambda:InvokeFunction",
  "Resource": "arn:aws:lambda:eu-west-1:123456789012:function:GenesysCallback"
}
Still getting 403. Is there a specific region mismatch issue? The Lambda is in eu-west-1 and the Genesys org is also EU. Maybe the account ID in the principal is wrong. I’m not sure where to find the correct Genesys Cloud execution role ID.
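
An added example (not part of the original post, and not Genesys or AWS code): a simplified offline check of the two policies described in the post, showing which principal each one actually admits. The trust policy is constructed from the post's description, and the evaluator ignores Deny, Condition and NotPrincipal.

```python
import fnmatch

FUNCTION_ARN = "arn:aws:lambda:eu-west-1:123456789012:function:GenesysCallback"
CALLER = "arn:aws:iam::987654321098:root"  # principal quoted in the post

# Constructed from the post's description of the execution role's trust policy.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

# The post's statement, wrapped in a policy document.
RESOURCE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": CALLER},
    "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def allows(policy, ptype, principal, action, resource=None):
    """True if an Allow statement matches the principal, the action and,
    when given, the resource (trust policies carry no Resource element)."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        p = st.get("Principal", {})
        principals = ["*"] if p == "*" else _as_list(p.get(ptype, []))
        if not any(x in ("*", principal) for x in principals):
            continue
        actions = _as_list(st.get("Action", []))
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
            continue
        if resource is not None and not any(
                fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", []))):
            continue
        return True
    return False


def report():
    invoke, assume = "lambda:InvokeFunction", "sts:AssumeRole"
    return {
        "caller_can_invoke_function": allows(RESOURCE_POLICY, "AWS", CALLER, invoke, FUNCTION_ARN),
        "caller_can_assume_execution_role": allows(TRUST_POLICY, "AWS", CALLER, assume),
        "lambda_service_can_assume_execution_role": allows(
            TRUST_POLICY, "Service", "lambda.amazonaws.com", assume),
        "function_region": FUNCTION_ARN.split(":")[3],
    }

if __name__ == "__main__":
    print(report())
```

The execution role and its trust policy only cover what the Lambda service may do as the function; whether an outside account may invoke it is decided by the resource-based policy plus the caller's own identity permissions.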