403 error while sending email from AWS SES

Question

I'm trying to send emails from the sandbox version of AWS SES from a verified identity. I've used Java V2 SDK of AWS SES to implement this. I'm getting 403 error while sending email even after providing full access permission to the IAM user.

Access given to the IAM user:

AmazonSESFullAccess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:*"
            ],
            "Resource": "*"
        }
    ]
}

Error received at the client side:

User arn:aws:iam::XXXXXXXXX:user/iam-username' is not authorized to perform ses:SendEmail' on resource `arn:aws:ses:region-id:XXXXXXXXX:identity/sender-email@domain.com' (Service: Ses, Status Code: 403, Request ID: a7287c61-dca1-48b5-87c0-b3b0df00a35e)

Edit #1:

AwsCredentials credentials = AwsBasicCredentials.create("awsAccessKey", "awsSecretKey");
sesClient = SesClient.builder().credentialsProvider(() -> credentials).region(region).build();
Destination destination = Destination.builder().toAddresses("verified-receiver@test.com").build();
Content content = Content.builder().data("some html content").build();
Content subject = Content.builder().data("some subject").build();
Body body = Body.builder().html(content).build();
Message msg = Message.builder().subject(subject).body(body).build();

SendEmailRequest emailRequest =
    SendEmailRequest.builder()
        .destination(destination)
        .message(msg)
        .source("verified-sender@test.com")
        .build();

SendEmailResponse response = sesClient.sendEmail(emailRequest);

Is there anything I'm missing here which is causing this problem?

Answer 1

I found the issue. The IAM user had permission boundary to S3 alone. This was causing 403 error and the error message was not very informative.