Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

ses smtp service: creating a second access key on previously working IAM user results in '535 Authentication Credentials Invalid'

0

We created an IAM user to use SMTP submission on SES. (We are out of the sandbox, have the domain identity verified, and DKIM is set up and working.)

Using the first access key on this IAM user, we have no issue sending email. If we create a second access key on the same IAM user, we get '535 Authentication Credentials Invalid'.

The user has one inline policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
}

I'm stumped. How can a IAM user work with the first access key, but not the second access key?

And, how do we troubleshoot the 535 Authentication Credentials Invalid? I can't find any better or more verbose logging anywhere.

Argomenti
Front-end web e dispositivi mobiliApplicazioni aziendaliSicurezza, identità e conformità
Tag
Amazon Simple Email ServicePolitiche IAM
Lingua
English
AnotherAWSuser
posta un anno fa825 visualizzazioni
2 Risposte
1
Risposta accettata

While SES SMTP credentials can be derived from IAM Access Key / Secret Key they are different. If you haven't done this already, you may need to use the code documented here to convert the new Secret Key to an SMTP password.

AWS
zsewell
con risposta un anno fa
1

IAM access key and secret key are not same as the SMTP username and password. you can either generate a new setup of STMP username password or use the below to convert your access key to smpt credentials. Details

// Modify this variable to include your AWS secret access key
key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
            
// Modify this variable to refer to the AWS Region that you want to use to send email.
region = "us-west-2";
            
// The values of the following variables should always stay the same.
date = "11111111";
service = "ses";
terminal = "aws4_request";
message = "SendRawEmail";
version = 0x04;

kDate = HmacSha256(date, "AWS4" + key);
kRegion = HmacSha256(region, kDate);
kService = HmacSha256(service, kRegion);
kTerminal = HmacSha256(terminal, kService);
kMessage = HmacSha256(message, kTerminal);
signatureAndVersion = Concatenate(version, kMessage);
smtpPassword = Base64(signatureAndVersion);
AWS
Rishi
con risposta un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente