I’m building a daily job to pull Genesys Cloud analytics data and push it to an S3 bucket. The Python script runs inside a lambda function. It works fine for small datasets, but when I try to export a full day of interaction data, the upload fails.
I’m using the Genesys Cloud Python SDK to get the data and boto3 to upload.
Here is the logic I’m using for the upload part:
def upload_to_s3(data, bucket, key):
s3_client = boto3.client('s3', region_name='us-west-2')
try:
s3_client.put_object(Body=data, Bucket=bucket, Key=key)
return True
except ClientError as e:
print(f"S3 Error: {e}")
return False
The data variable is a JSON string. The error I get back from boto3 is a 403 Forbidden. The message says AccessDenied.
I’ve checked the IAM role attached to the lambda. It has s3:PutObject permission on the bucket. The policy looks like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-analytics-bucket/*"
}
]
}
I also added s3:ListBucket just in case, but it didn’t help. The code works locally when I use my personal AWS credentials. It only fails in the lambda environment.
Is there something specific about how boto3 signs the request that might be getting blocked? Or maybe the size of the payload is causing an issue with the signature? I’m not seeing any timeout errors, just a straight 403.
I’ve tried adding the Content-Type header to the put_object call, but that didn’t change anything. The region is correct too. It’s us-west-2 for both the lambda and the bucket.
Does anyone see a missing permission or a config issue in this setup?