MrVaishnav Kuldeep

Reputation: 105

Implementing AWS SES in Spring Boot (Java) without using credentials

I am a backend developer (Spring Boot), and the DevOps team wants me to implement the SES and SNS services of AWS without using credentials, as they have stored the same credentials with an IAM role in AWS. They want me to pass only the host in code and leave the credential part empty, and it will send email to a particular recipient (as per their concern).

So, as they said, I tried with empty credentials in Java, but that didn't work; it says "Invalid authentication".

I don't know how, but they implemented this same thing with the PHP SDKs: they left the credentials part empty and it works fine with the IAM role credentials.

Here is my code, where I left the credential part empty:

    private boolean sendAwsMail() {
        String result = null;
        boolean flag = true;
        try {
            Properties props = System.getProperties();
            props.put("mail.transport.protocol", varMap.get("protocol"));
            props.put("mail.smtp.port", Integer.parseInt(varMap.get("port")));
            props.put("mail.smtp.starttls.enable", "true");
            props.put("mail.smtp.auth", "true");
            Session session = Session.getDefaultInstance(props);
            MimeMessage msg = new MimeMessage(session);
            msg.setFrom(new InternetAddress("[email protected]", "lottoweaver.com"));
            msg.setRecipient(Message.RecipientType.TO, new InternetAddress(varMap.get("destinationMailId")));
            msg.setSubject(varMap.get("subject"));
            msg.setContent(varMap.get("content"), "text/html");
            Transport transport = session.getTransport();
            transport.connect("email-smtp.us-west-2.amazonaws.com", "", "");
            transport.sendMessage(msg, msg.getAllRecipients());
            AppLogger.writeLog("INFO", "MAIL_SEND", "send_mail", this.getClass().getName(),
                    Thread.currentThread().getStackTrace()[1].getMethodName(),
                    "toMailId:" + varMap.get("destinationMailId"), "subject:" + varMap.get("subject"), "", "", null,
                    null, "");
            result = varMap.get("content");
            transport.close();
        } catch (Exception ex) {
            AppLogger.writeLog("WARNING", "Issue_In_Connection", "send_mail", this.getClass().getName(),
                    Thread.currentThread().getStackTrace()[1].getMethodName(),
                    "toMailId:" + varMap.get("destinationMailId"), "subject:" + varMap.get("subject"), "", "", null, ex,
                    "");
            flag = false;
            result = ex.toString();
        } finally {
            this.flag = flag;
            dumpList.add(new MessageDataDump(varMap.get("destinationMailId"), result, varMap, "AWS-EMAIL"));
            return flag;
        }
    }

I replaced msg.setFrom(new InternetAddress(varMap.get("fromEmail"), varMap.get("fromName"))); with msg.setFrom(new InternetAddress("[email protected]", "lottoweaver.com"));

and also replaced the credential part, that is, transport.connect(varMap.get("HOST"), varMap.get("SMTP_USERNAME"), varMap.get("SMTP_PASSWORD")); with transport.connect("email-smtp.us-west-2.amazonaws.com", "", "");

Please point me to the correct way to achieve this.

Thanks in advance

Upvotes: 2

Views: 2100

Answers (1)

F_SO_K

Reputation: 14829

When you execute your code, the AWS SDK will use a credential chain to find your credentials: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

The SDK will work down this chain, trying to find credentials. For a developer working on a local machine, your credentials are normally picked up either by a) the AWS credentials file or b) setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables.

Things work slightly differently when you are running your code on the server. In this case, the credentials are applied to an instance role. Basically, no credentials need to be passed, as the code is on an AWS server, AWS knows what permissions it has, as set through an IAM instance role.

In short, you need to pass credentials when you're on local, but don't worry: if your colleagues have set up the server correctly, you won't need to pass credentials when you're on the server.

EDIT: You will need to use the Java SDK to access the credential chain: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-using-sdk-java.html

Upvotes: 3
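
The answer's EDIT, as an added example that is not part of the original post: sending through the SES API with the AWS SDK for Java v1, so the default credential chain supplies the instance role's credentials and no key appears in code. The SMTP endpoint used in the question authenticates with separate SES SMTP credentials, which is why an empty username and password are rejected there. The class name, addresses and message text are constructed placeholders; the region is taken from the question's us-west-2 host.

```java
// Added example, not the poster's code. Assumes the aws-java-sdk-ses (v1) dependency.
import com.amazonaws.AmazonServiceException;
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.simpleemail.AmazonSimpleEmailService;
import com.amazonaws.services.simpleemail.AmazonSimpleEmailServiceClientBuilder;
import com.amazonaws.services.simpleemail.model.*;

public class SesRoleMailer { // hypothetical class name
    private final AmazonSimpleEmailService ses;

    public SesRoleMailer() {
        // No access key or secret here. The chain looks at environment variables,
        // system properties and the shared credentials file (local development),
        // then container or EC2 instance role credentials (on the server).
        this.ses = AmazonSimpleEmailServiceClientBuilder.standard()
                .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
                .withRegion(Regions.US_WEST_2)
                .build();
    }

    /** Returns the SES message id, or null if the send failed. */
    public String send(String from, String to, String subject, String html) {
        SendEmailRequest request = new SendEmailRequest()
                .withSource(from)
                .withDestination(new Destination().withToAddresses(to))
                .withMessage(new Message()
                        .withSubject(new Content().withCharset("UTF-8").withData(subject))
                        .withBody(new Body().withHtml(
                                new Content().withCharset("UTF-8").withData(html))));
        try {
            return ses.sendEmail(request).getMessageId();
        } catch (AmazonServiceException e) {
            // SES answered and refused: unverified sender, role lacks permission, etc.
            System.err.println("SES rejected the request: " + e.getErrorCode());
        } catch (SdkClientException e) {
            // Nothing reached SES: typically no credentials found anywhere in the chain.
            System.err.println("Client-side failure: " + e.getMessage());
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample values; the sender must be a verified SES identity.
        String id = new SesRoleMailer().send("sender@example.com",
                "recipient@example.com", "Test subject", "<p>Test body</p>");
        System.out.println(id == null ? "send failed" : "sent, message id " + id);
    }
}
```

For this call the instance role only needs the `ses:SendEmail` action, which can be scoped to the verified sending identity.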
