Stuck on provisioning a new SIP trunk using genesyscloud_sip_trunk on our AU-1 BYOC instance. The deployment pipeline runs via GitHub Actions using provider v1.22.0. While standard resources like routing queues and outbound campaigns apply without issue, the SIP trunk resource consistently fails during the terraform apply phase with a 403 Forbidden error.
The HCL configuration specifies valid endpoint credentials and associates the trunk with an existing SIP profile. The sip_profile_id is verified to exist and is active. However, the API response indicates a permissions mismatch rather than a configuration syntax error.
resource "genesyscloud_sip_trunk" "main_trunk" {
name = "Main SIP Trunk"
description = "Primary PSTN connection"
sip_profile_id = var.sip_profile_id
endpoints {
host = "sip.provider.com"
port = 5060
transport = "UDP"
username = var.sip_username
password = var.sip_password
display_name = "Main Trunk"
}
routing {
default_enabled = true
}
}
The error log from the CLI output shows:
Error creating SIP Trunk: 403 Forbidden. Message: Insufficient permissions to create resource type 'sip_trunk' on scope 'manage:sip_trunk'.
The service account used by the GitHub Actions workflow has the System Administrator role assigned. This role explicitly includes the manage:sip_trunk permission scope according to the Genesys Cloud documentation. I have also tested this with a manual API call using Postman with the same access token, which succeeds. This suggests the Terraform provider might be constructing the request with an incorrect scope or missing a required header specific to BYOC environments.
Has anyone encountered this specific 403 discrepancy between manual API calls and Terraform provisioning for SIP trunks on AU-1 BYOC? Is there a known workaround or a specific permission set that needs to be granted beyond the standard admin role for BYOC deployments?
Thanks for the help.