Reputation: 33
Creating AWS SES SMTP credentials using IAM Role
I am trying to use an IAM Role that I have attached to an EC2 instance to generate a set of AWS SES SMTP credentials. However, after using the script given by Amazon to generate the SMTP Password from the Secret_Key of the IAM Role, and using the Access_Key_ID of the IAM Role, when trying to send an email via django.core.mail, I get error (535, b'Authentication Credentials Invalid').
This is how I am sending the email:
#django.core.mail
EMAIL_USE_TLS = True
EMAIL_HOST = 'email-smtp.us-east-1.amazonaws.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = credentials.access_key
EMAIL_HOST_PASSWORD = SMTP_PASSWORD
send_mail(
'Subject here',
'Here is the message.',
'[email protected]',
['[email protected]'],
fail_silently=False,
)
And how am I generating the password:
session = boto3.session.Session()
credentials = session.get_credentials().get_frozen_credentials()
region = requests.get('http://169.254.169.254/latest/dynamic/instance-identity/document').json()['region']
SMTP_PASSWORD = smtp_credentials_generate.calculate_key(secret_access_key=credentials.secret_key, region=region)
The SMTP Password generate script is here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html.
Through some research, I found these links that say you cannot use an IAM Role to use generate SMTP credentials:
https://serverfault.com/questions/584789/is-it-possible-to-send-email-via-the-amazon-ses-smtp-service-with-a-iam-role-acc https://hector.dev/2015/01/17/sending-e-mail-via-amazon-ses-over-smtp-with-iam-roles.html
However, Amazons official QA says that it is possible: https://aws.amazon.com/premiumsupport/knowledge-center/ses-create-smtp-credentials/
Important: The IAM user or role that you use to create the SMTP credentials...
So is it possible or not? What am I doing wrong?
Upvotes: 3
Views: 5975
Answers (1)
Reputation: 12259
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
Don't use temporary AWS credentials to derive SMTP credentials. The Amazon SES SMTP interface doesn't support SMTP credentials that have been generated from temporary security credentials.
Regarding the Amazon official QA that you referenced, it's saying that you can use the role to create SMTP credentials in the web console.
Upvotes: 2
Related Questions
- Amazon SES SMTP Python Usage
- How to use AWS Simple Email Service (SES) in Django?
- Amazon SES SMTP with Django
- smtplib with AWS SES could not send emails with attachments
- "Connection unexpectedly closed" error while sending email using SES from AWS
- AWS SES with PHPMailer using SMTP, SMTP Error: Could not authenticate?
- Airflow - Send email with AWS SES
- python error sending mail with amazon ses with aws lambda
- How do I send an email through SES with temporary SES-specific credentials?
- Connecting to Amazon SES using IAM role and boto3