Encountering a 403 Forbidden error when a Genesys Cloud Architect flow invokes an AWS Lambda function via a REST Data Action. The endpoint is public, but the Lambda execution role lacks the necessary trust policy to accept the request. The Terraform configuration for the role trust policy is as follows:
resource "aws_iam_role" "genesys_lambda_role" {
  name = "genesys-lambda-role"

  # Trust policy: which principal may assume this role
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}
The Genesys Data Action sends a POST request with a JSON payload. The Lambda function receives the event but the execution fails due to permission issues. The IAM policy attached to the role allows basic CloudWatch logs, but nothing specific to the invocation. Is there a specific Principal or Condition required for Genesys Cloud to assume this role? The documentation suggests using a custom policy, but the exact structure remains unclear. The current setup works for manual invocation via the AWS Console, but fails consistently from the Architect flow. Need to adjust the Terraform code to resolve this drift.
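The following is an added Terraform example, not part of the original post, that separates the two policies that get confused here: the execution role's trust policy, which only decides that the Lambda service may assume the role for the duration of a run, and the function's resource-based permission, which decides who may invoke the function through its endpoint. A 403 at the endpoint is governed by the second one, and changing the trust policy's Principal will not affect it. The example assumes the public endpoint is a Lambda function URL and that the function already exists as aws_lambda_function.genesys_handler; the invoker principal and account id are placeholders, and the public_endpoint variable selects between the unauthenticated setup described in the post and the hardened, SigV4-signed alternative.

```hcl
# Added example, not the poster's code. Assumed: aws_lambda_function.genesys_handler exists.

variable "public_endpoint" {
  description = "true = unauthenticated URL as in the post; false = SigV4-signed, named callers only"
  type        = bool
  default     = false
}

variable "invoker_principal" {
  description = "PLACEHOLDER: IAM principal (role ARN or account id) that signs the Data Action request"
  type        = string
  default     = "arn:aws:iam::000000000000:role/PLACEHOLDER-genesys-invoker"
}

# Execution role. The trust policy only lets the Lambda *service* assume the
# role; it says nothing about who may call the function.
resource "aws_iam_role" "genesys_lambda_role" {
  name = "genesys-lambda-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action    = "sts:AssumeRole"
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

# Least privilege for the function's own work: CloudWatch Logs only.
resource "aws_iam_role_policy_attachment" "basic_logs" {
  role       = aws_iam_role.genesys_lambda_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

# The endpoint the Data Action posts to.
resource "aws_lambda_function_url" "genesys" {
  function_name      = aws_lambda_function.genesys_handler.function_name
  authorization_type = var.public_endpoint ? "NONE" : "AWS_IAM"
}

# Weak setting (matches "the endpoint is public"). Terraform does not add this
# statement for you the way the console does; without it an auth-NONE URL
# answers 403 Forbidden even though the function runs fine when invoked directly.
resource "aws_lambda_permission" "public_invoke_url" {
  count                  = var.public_endpoint ? 1 : 0
  statement_id           = "AllowPublicInvokeFunctionUrl"
  action                 = "lambda:InvokeFunctionUrl"
  function_name          = aws_lambda_function.genesys_handler.function_name
  principal              = "*"
  function_url_auth_type = "NONE"
}

# Hardened setting: only the named principal, and only with a valid SigV4
# signature on the request. Unsigned or unlisted callers get 403.
resource "aws_lambda_permission" "signed_invoke_url" {
  count                  = var.public_endpoint ? 0 : 1
  statement_id           = "AllowSignedInvokeFunctionUrl"
  action                 = "lambda:InvokeFunctionUrl"
  function_name          = aws_lambda_function.genesys_handler.function_name
  principal              = var.invoker_principal
  function_url_auth_type = "AWS_IAM"
}

output "data_action_url" {
  description = "URL to configure in the Genesys Data Action"
  value       = aws_lambda_function_url.genesys.function_url
}
```

When reproducing the drift, compare `aws lambda get-policy --function-name <name>` between the account where the console-created URL works and the Terraform-managed one: the console silently attaches the `lambda:InvokeFunctionUrl` statement, Terraform only does so when you declare it. If the endpoint is API Gateway rather than a function URL, the same rule applies with `action = "lambda:InvokeFunction"` and `principal = "apigateway.amazonaws.com"` scoped by `source_arn`.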