Amazon web services AWS放大SES sendmail访问被拒绝_Amazon Web Services_Amazon Iam_Aws Amplify_Amazon Ses

Amazon web services AWS放大SES sendmail访问被拒绝

amazon-web-services

Amazon web services AWS放大SES sendmail访问被拒绝,amazon-web-services,amazon-iam,aws-amplify,amazon-ses,Amazon Web Services,Amazon Iam,Aws Amplify,Amazon Ses,我想使用简单电子邮件服务（SES）使用AWS Amplify后端发送电子邮件，但我一直被拒绝访问，因此，互联网上和周围的许多其他答案都表示要设置sendmail和sendrawemail的IAM权限，我已经这样做了这是错误消息： 2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a3596 ERROR { AccessDenied: User `arn:aws:sts::mynumericalusernumber:a

我想使用简单电子邮件服务（SES）使用AWS Amplify后端发送电子邮件，但我一直被拒绝访问，因此，互联网上和周围的许多其他答案都表示要设置sendmail和sendrawemail的IAM权限，我已经这样做了

这是错误消息：

2020-08-30T02:19:20.544Z    f3980a87-cac0-4f51-9024-d2f92a8a3596    ERROR   { AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com'
    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
  message:
   'User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'',
  code: 'AccessDenied',
  time: 2020-08-30T02:19:20.541Z,
  requestId: 'ab8175a1-af65-443f-9114-248e240ce7f8',
  statusCode: 403,
  retryable: false,
  retryDelay: 14.074425708542204 } 'AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'\n    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)\n    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)\n    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)\n    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)'
2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a35

我仍然有同样的错误，所以我添加了这个

says的域验证

验证状态已验证
DKIM状态已验证
已启用发送“是”

SES处于沙箱模式，我已验证theaddressiamtryingtosendto@gmail.com测试邮件到达收件箱

我觉得我做的每件事都是正确的，那么我还缺少什么才能让这件事起作用呢？

@Marcin引导我找到解决方案，并应该为解决这个问题而致敬

我已将IAM权限附加到IAM用户，而不是lambda/角色。当这项工作完成后，它才开始工作

我仍然不确定在IAM用户和角色中是否需要相同的权限。现在有点害怕对此进行更改，但如果有人知道，请发表评论。

您发布的IAM权限，它们附加到了什么用户/角色？

/* tslint:disable */
/* eslint-disable */
const AWS = require('aws-sdk');

exports.handler = (event, context, callback) => {
  //Create a random number for otp
  const challengeAnswer = Math.random().toString(10).substr(2, 6);
  const phoneNumber = event.request.userAttributes.phone_number;

  sendEmail('theaddressiamtryingtosendto@gmail.com', challengeAnswer)

  //For Debugging
  console.log(event, context);


  //set return params
  event.response.privateChallengeParameters = {};
  event.response.privateChallengeParameters.answer = challengeAnswer;
  event.response.challengeMetadata = 'CUSTOM_CHALLENGE';

  console.log("My log");
  
  callback(null, event);
};


function sendEmail(emailAddress, secretLoginCode) { 
  console.log(emailAddress, secretLoginCode);

  // Load the AWS SDK for Node.js

// Set the region 
AWS.config.update({region: 'us-west-2'});

// Create sendEmail params 
var params = {
  Destination: {
   
   ToAddresses: [
      emailAddress
   ]
  }, 
  Message: {
   Body: {
    Html: {
     Charset: "UTF-8", 
     Data: `<html><body><p>This is your OTP login code:</p>
     <h3>${secretLoginCode}</h3></body></html>`
    }, 
    Text: {
     Charset: "UTF-8", 
     Data: `Your OTP login code: ${secretLoginCode}`
    }
   }, 
   Subject: {
    Charset: "UTF-8", 
    Data: "OTP code"
   }
  }, 
  Source: "noreply@my-own-verified-domain.com"
 };

// Create the promise and SES service object
var sendPromise = new AWS.SES({apiVersion: '2010-12-01'}).sendEmail(params).promise();

// Handle promise's fulfilled/rejected states
sendPromise.then(
  function(data) {
    console.log(data.MessageId);
  }).catch(
    function(err) {
    console.error(err, err.stack); // This is where the error shown is from
    console.log(params);
  });

}

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ses:SendEmail",
                "ses:SendRawEmail"
            ],
            "Resource": "*"
        }
    ]
}