Getting a 403 Forbidden when Architect invokes a Lambda via the AWS Data Action. The Lambda logs show the principal is lambda.amazonaws.com, but the IAM role trust policy only allows ec2.amazonaws.com. Here’s the policy snippet causing the block:
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
Need the exact Principal string to add so Genesys Cloud can assume the role. What’s the correct service principal for Data Action invocations?