Environment: Node.js
Question: Is there some clever way to get around the problems listed below and block SendEmailCommand in permission policies?
Background: The latest version of @aws-sdk/client-ses downloaded from NPM is version 3.445.0. The README.md file that comes with this package contains the following sentence,
This document contains reference information for the Amazon Simple Email Service (Amazon SES) API, version 2010-12-01.
This package contains the function, SendEmailCommand and does not contain the function SendEmail.
Unfortunately, the link to the API reference found in README.md does not include instructions for SendEmailCommand. The API reference does include SendEmail which isn't included in the package.
Furthermore, it's not possible set a User/Group Permission Policy that blocks SendEmailCommand because SES policies by default use version 2012-10-17 of the API. Trying to change the version throws an error. SendEmailCommand appears to be part of 2010-12-01 but I'm not even certain of that because it's not listed in the API reference. Not certain why SendEmailCommand is in the latest version on NPM since it appears to be old.
I found 2 references for SendEmailCommand. The second page is deprecated.
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-ses/Class/SendEmailCommand/
https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-ses/classes/sendemailcommand.html
Thanks Riku, Actually what I'm trying to do is block every command except SendEmailCommand. It's the only command I need for my server. Is there a simple way to only allow that single command to operate?
If you want to send email using "SendEmailCommand", you should only need to allow "ses:SendEmail" and "ses:SendRawEmail" in your IAM policy.