Note: This article applies to the AWS Lambda data actions integration.

The data actions integrations are cloud solutions that work with other third-party cloud solutions. However, it is possible to use data actions with on-premises solutions too. For on-premises solutions, one option you can use is the AWS Lambda data actions integration, its associated data actions, and your AWS Lambda function stored in AWS to retrieve data from your on-premises solutions and then use that data in various Genesys Cloud applications. And you can do so securely.

The following information provides a conceptual overview of this solution and how to secure communication between the various cloud and on-premises entities. For a step-by-step workflow, see Workflow for data actions with on-premises solutions.

Amazon VPCs and cross-account role assignments

Amazon Web Services (AWS) is divided into Virtual Private Clouds (VPCs) to help keep data between different entities separate and secure. In our solution, there are two Amazon VPCs: Genesys Cloud’s Amazon VPC and your Amazon VPC.

  • Genesys Cloud’s Amazon VPC contains the AWS Lambda data action integration and associated data actions that you create in Genesys Cloud.
  • Your Amazon VPC contains an AWS Lambda function.

The data action in Genesys Cloud’s Amazon VPC invokes the AWS Lambda function in your Amazon VPC. Your AWS Lambda function contains code that executes when the data action calls the function. 

Amazon VPCs allow you to control the network accessibility of your AWS resources, potentially keeping communication traffic within AWS. You can ensure that communication only occurs between Genesys Cloud’s Amazon VPC and the AWS Lambda function in your Amazon VPC with cross-account role assignments. By granting your Genesys Cloud organization access to a role that you create in your Amazon VPC, you allow your Genesys Cloud organization and only your Genesys Cloud organization to invoke your AWS Lambda function. For more information, see How do I allow users from another account to access resources in my account through IAM? in the AWS documentation, Create IAM resources to invoke an AWS Lambda function, and Add a data actions integration.

On-premises solution and an AWS VPN connection

Your AWS Lambda function contacts your on-premises solution to retrieve the requested data.

You can keep the communication between your Amazon VPC and your on-premises solution secure with an AWS VPN connection. AWS VPN connections ensure that only your Amazon VPC can access your on-premises solution. For more information, see VPN Connections in the AWS documentation.

For more information about using data actions with on-premises solutions, see Workflow for data actions with on-premises solutions, Example AWS Lambda data action with on-premises solution, and About the AWS Lambda data actions integration.