ses smtp service: creating a second access key on previously working IAM user results in '535 Authentication Credentials Invalid'

0

We created an IAM user to use SMTP submission on SES. (We are out of the sandbox, have the domain identity verified, and DKIM is set up and working.)

Using the first access key on this IAM user, we have no issue sending email. If we create a second access key on the same IAM user, we get '535 Authentication Credentials Invalid'.

The user has one inline policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
}

I'm stumped. How can a IAM user work with the first access key, but not the second access key?

And, how do we troubleshoot the 535 Authentication Credentials Invalid? I can't find any better or more verbose logging anywhere.

2개 답변
1
수락된 답변

While SES SMTP credentials can be derived from IAM Access Key / Secret Key they are different. If you haven't done this already, you may need to use the code documented here to convert the new Secret Key to an SMTP password.

AWS
zsewell
답변함 일 년 전
1

IAM access key and secret key are not same as the SMTP username and password. you can either generate a new setup of STMP username password or use the below to convert your access key to smpt credentials. Details

// Modify this variable to include your AWS secret access key
key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
            
// Modify this variable to refer to the AWS Region that you want to use to send email.
region = "us-west-2";
            
// The values of the following variables should always stay the same.
date = "11111111";
service = "ses";
terminal = "aws4_request";
message = "SendRawEmail";
version = 0x04;

kDate = HmacSha256(date, "AWS4" + key);
kRegion = HmacSha256(region, kDate);
kService = HmacSha256(service, kRegion);
kTerminal = HmacSha256(terminal, kService);
kMessage = HmacSha256(message, kTerminal);
signatureAndVersion = Concatenate(version, kMessage);
smtpPassword = Base64(signatureAndVersion);
AWS
Rishi
답변함 일 년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠