Data action returns a 403 error

Note: This article applies to the AWS Lambda data actions integration and the Google data actions integration when used with Google Cloud Functions.

With the AWS Lambda data actions integration, a data action returns a 403 error. The possible causes and their solutions are:

  • The AWS Lambda function that you are trying to invoke does not exist.
    • Create an AWS Lambda function in your AWS account. Grant access to this AWS Lambda function in a policy associated with the role that you set under the integration configuration in Genesys Cloud. 
  • The policy in your AWS account does not grant access to the correct AWS Lambda function.
    • Update the policy in your AWS account to grant invokeFunction access to the AWS Lambda function that you want your AWS Lambda data actions integration to call.
  • The policy that you attached to your role does not grant access to your AWS Lambda function. 
    • Attach the policy that grants access to the AWS Lambda function to the role in your AWS account.
  • The account ID set on the role in your AWS account is not Genesys Cloud’s production AWS account ID.
    • Update the account ID on the role in your AWS account to 765628985471.
  • The external ID set on the role in your AWS account is not a Genesys Cloud organization ID.
    • Update the external ID on the role in your AWS account. This role is the same role that you set in the integration configuration in Genesys Cloud.
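The role and policy checks in the list above can be run offline against exported policy JSON. The following is an added example, not code from Genesys Cloud or AWS: the function names are hypothetical, the organization ID, function ARNs and sample policies are constructed placeholders, and the matching is simplified as noted in the comments.

```python
import fnmatch

GENESYS_ACCOUNT_ID = "765628985471"  # account ID given in the article

def _list(v):
    return v if isinstance(v, list) else [v]

def _allow(policy):
    return [s for s in _list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def check_trust(trust_policy, org_id):
    """Problems in the role's trust policy: wrong account ID or external ID."""
    stmts = [s for s in _allow(trust_policy)
             if "sts:AssumeRole" in _list(s.get("Action", []))]
    principals, ext_ids = [], []
    for s in stmts:
        p = s.get("Principal")
        principals += _list(p.get("AWS", [])) if isinstance(p, dict) else []
        cond = s.get("Condition", {}).get("StringEquals", {})
        ext_ids += _list(cond.get("sts:ExternalId", []))
    problems = []
    prefix = f"arn:aws:iam::{GENESYS_ACCOUNT_ID}:"
    if not any(x == GENESYS_ACCOUNT_ID or x.startswith(prefix) for x in principals):
        problems.append("account ID on the role is not " + GENESYS_ACCOUNT_ID)
    if org_id not in ext_ids:
        problems.append("external ID on the role is not the organization ID")
    return problems

def check_invoke(policy, function_arn):
    """Problem list if no Allow statement covers lambda:InvokeFunction on the ARN.
    Simplified: ignores Deny statements, NotAction/NotResource and conditions."""
    for s in _allow(policy):
        acts = [a.lower() for a in _list(s.get("Action", []))]
        if any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in acts) and \
           any(fnmatch.fnmatchcase(function_arn, r) for r in _list(s.get("Resource", []))):
            return []
    return ["policy does not grant lambda:InvokeFunction on " + function_arn]

# Constructed sample values (placeholders, not real identifiers).
ORG_ID = "00000000-0000-0000-0000-000000000000"
FN_ARN = "arn:aws:lambda:us-east-1:111122223333:function:example-fn"
TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Condition": {"StringEquals": {"sts:ExternalId": ORG_ID}}}]}
POLICY = {"Statement": [{"Effect": "Allow", "Action": "lambda:InvokeFunction",
          "Resource": "arn:aws:lambda:us-east-1:111122223333:function:other-fn"}]}

if __name__ == "__main__":
    for problem in check_trust(TRUST, ORG_ID) + check_invoke(POLICY, FN_ARN):
        print("403 cause:", problem)
```

An empty list from both functions means the role and policy match the conditions in the list; a function that does not exist in the account still has to be checked separately.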

For more information, see Create IAM resources and Add a data actions integration.

For more information about the integration, see About the AWS Lambda data actions integration.

With the Google data actions integration, a data action returns a 403 error. The possible causes and their solutions are:

  • The function in a service account is missing the cloudfunctions.functions.call and cloudfunctions.functions.invoke permissions.
    • Check whether the cloudfunctions.functions.call and cloudfunctions.functions.invoke permissions are assigned to the function that you want to execute in the service account. For more information, see Configure Google Cloud Platform.
    • Check ingress rules and ensure that the calls to the cloud function or trigger endpoints are allowed.
  • The function name is incorrect.
    • Check the name of the function in the error message. If the function name is incorrect, then fix the function name in the request URL template. For more information, see Configure Google Cloud Platform.
  • Caller does not have access to the customer’s data.
    • Add an email address to the Impersonating User Email in the integration configuration in Genesys Cloud. For more information, see Add a data actions integration.
  • Request had insufficient authentication scopes.
    • Add or update scopes for Authorization Scopes in the integration configuration in Genesys Cloud. For more information, see Add a data actions integration.

For more information, see About the Google data actions integration.