Home > Blockchain >  Sending email using AWS API without Secret Key and Access Key Id
Sending email using AWS API without Secret Key and Access Key Id

Time:10-06

I know close to nothing about AWS. But I want to use AWS SDK in my Springboot project to send email via SES. I am to send the emails as a delegate user, and all I have is the Identity user's ARN. I tried the code available on the AWS website and set X-SES-SOURCE-ARN header as the identity user's ARN, and I am getting Unable to load AWS credentials from any provider in the chain error. Do I need to add any sort of ACCESS-KEY-ID and SECRET-KEY?

CodePudding user response:

You might be confusing IAM identity with email/domain identities.

IAM handles authorization for the API call (AWS sigv4).

SES identities are internal to the service and just represent an authorized sending email address or domain (one that has performed verification steps).

To make a successful call you need to have both of those:

  1. An IAM principal with authorization for ses:SendEmail in the account.
  2. A verified email or domain identity in the account that is passed as the source ARN in your API call.

If you are using sending authorization policies then things require a little more setup but is essentially the same.

CodePudding user response:

You can add the accessKey and secretKey on a file named AwsCredentials.properties. Next, when you configure the AWS SES Client, you load that file, as in the following example with Cognito.

public AWSCognitoIdentityProvider getAmazonCognitoIdentityClient() {
    ClasspathPropertiesFileCredentialsProvider propertiesFileCredentialsProvider = new ClasspathPropertiesFileCredentialsProvider();

    return AWSCognitoIdentityProviderClientBuilder.standard().withCredentials(propertiesFileCredentialsProvider)
            .withRegion(props.getRegion()).build();

}
  • Related