Stuck on SIP trunk provisioning failure during automated deployment pipeline.
Running Terraform apply with Genesys Cloud provider v1.52. The deployment targets a staging environment in Asia Pacific Sydney region. The goal is to provision a new SIP trunk with specific TLS settings and IP allow lists using CX as Code principles.
The genesyscloud_trunk resource fails consistently with a 403 Forbidden error. This occurs specifically when attempting to set the outbound_call_prefixes and tls_settings attributes. The service account used by the GitHub Actions runner has the telephony:admin role and telephony:read permissions verified via CLI.
Manual creation of the same trunk via the Genesys Cloud UI succeeds without issue. This suggests a potential discrepancy between API endpoint permissions and role-based access control (RBAC) implementation in the provider.
resource "genesyscloud_trunk" "staging_sip_trunk" {
name = "Staging-SIP-Trunk-01"
description = "Automated SIP Trunk for Staging"
outbound_call_prefixes = ["+61"]
tls_settings {
enabled = true
validate_cert = true
}
ip_allow_list {
cidr = "203.0.113.0/24"
description = "Office Network"
}
}
Error log from Terraform apply:
Error: Error creating trunk: 403 Forbidden
Details: Access denied for resource /api/v2/telephony/providers/edges/trunks
Checking the audit logs via CLI shows the request originates from the correct service account ID. The token used is valid and has not expired. No recent changes to the RBAC configuration for this account.
Has anyone encountered similar 403 errors when provisioning SIP trunks with TLS settings via Terraform? Is there a specific permission grant missing beyond telephony:admin? Or is this a known issue with provider v1.52 and the newer trunk API endpoints?