- Newest
- Most votes
- Most comments
For those that run into this thread via Google search, make sure you create the credentials via the SES console, and not the IAM console. I was attempted to rotate existing credentials for an individual user, and they continued to return authentication errors until I did it via SES instead. I could then see them via the IAM console as well, however I believe this method has additional back end calls that create the corresponding credentials in SES.
Hi pontomarket,
There are a few things to check.
First, how did you generate your credentials? SMTP credentials are region-specific, so if you used the console in another region (say us-west-1) to generate them, then they won't work in us-east-1.
Also, when you had the SMTP conversation via telnet, did you convert the credentials to base64 encoding first?
Thanks,
Brent @ AWS
Hi Brent, thanks for your help!
Today I've found the following note on the documentation, which was exactly the first point you've mentioned. As I am a long time user for AWS SES in other accounts, I was using the same credentials for all regions and didn't know the specs had changed.
Here is the note transcription for anyone else who's facing the same issue:
Note
If you created SMTP credentials before January 10, 2019, your SMTP credentials might work in all AWS Regions where Amazon SES is available. However, credentials created after this date are created using the AWS Signature Version 4, and are unique to each Region.
For additional security, we recommend that you delete credentials that were created before this date, and replace them with newer, Region-specific credentials. You can delete older credentials by using the IAM console.
Edited by: pontomarket on Jan 6, 2020 6:34 PM
I also "suffered" this issue and guess it was also related to the region. Just wondering if anyone can explain me how the h*** to find out or change the region a user or credentials are created for. I mean, looking at the IAM user lists how can I find out where it is registered to.
Those who have come here after** rotating the IAM access key or after creating a new access key **for your existing SMTP IAM user. You cannot use the Secret Access Key generated after creating the Access key.
You must use the access key ID of the user and then derieve the SMTP password for that particular region as guided here: https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert
Relevant content
- asked 2 years ago
- asked 2 years ago
- AWS OFFICIALUpdated 8 months ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
@sandwormusmc1, how and where do you create the credentials via the SES console?
As soon as I click "Create SMTP credentials" it opens up the IAM console.
There is no other option other than IAM console to create a new user / credentials.
Look at the attached image to know which button to click: https://ibb.co/Y8ZyYdN