Amazon web services AWS放大SES sendmail访问被拒绝
我想使用简单电子邮件服务(SES)使用AWS Amplify后端发送电子邮件,但我一直被拒绝访问,因此,互联网上和周围的许多其他答案都表示要设置sendmail和sendrawemail的IAM权限,我已经这样做了 这是错误消息:Amazon web services AWS放大SES sendmail访问被拒绝,amazon-web-services,amazon-iam,aws-amplify,amazon-ses,Amazon Web Services,Amazon Iam,Aws Amplify,Amazon Ses,我想使用简单电子邮件服务(SES)使用AWS Amplify后端发送电子邮件,但我一直被拒绝访问,因此,互联网上和周围的许多其他答案都表示要设置sendmail和sendrawemail的IAM权限,我已经这样做了 这是错误消息: 2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a3596 ERROR { AccessDenied: User `arn:aws:sts::mynumericalusernumber:a
2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a3596 ERROR { AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com'
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
message:
'User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'',
code: 'AccessDenied',
time: 2020-08-30T02:19:20.541Z,
requestId: 'ab8175a1-af65-443f-9114-248e240ce7f8',
statusCode: 403,
retryable: false,
retryDelay: 14.074425708542204 } 'AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)'
2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a35
我仍然有同样的错误,所以我添加了这个
says的域验证
- 验证状态已验证
- DKIM状态已验证
- 已启用发送“是”
我觉得我做的每件事都是正确的,那么我还缺少什么才能让这件事起作用呢?@Marcin引导我找到解决方案,并应该为解决这个问题而致敬 我已将IAM权限附加到IAM用户,而不是lambda/角色。当这项工作完成后,它才开始工作
我仍然不确定在IAM用户和角色中是否需要相同的权限。现在有点害怕对此进行更改,但如果有人知道,请发表评论。您发布的IAM权限,它们附加到了什么用户/角色?
/* tslint:disable */
/* eslint-disable */
const AWS = require('aws-sdk');
exports.handler = (event, context, callback) => {
//Create a random number for otp
const challengeAnswer = Math.random().toString(10).substr(2, 6);
const phoneNumber = event.request.userAttributes.phone_number;
sendEmail('theaddressiamtryingtosendto@gmail.com', challengeAnswer)
//For Debugging
console.log(event, context);
//set return params
event.response.privateChallengeParameters = {};
event.response.privateChallengeParameters.answer = challengeAnswer;
event.response.challengeMetadata = 'CUSTOM_CHALLENGE';
console.log("My log");
callback(null, event);
};
function sendEmail(emailAddress, secretLoginCode) {
console.log(emailAddress, secretLoginCode);
// Load the AWS SDK for Node.js
// Set the region
AWS.config.update({region: 'us-west-2'});
// Create sendEmail params
var params = {
Destination: {
ToAddresses: [
emailAddress
]
},
Message: {
Body: {
Html: {
Charset: "UTF-8",
Data: `<html><body><p>This is your OTP login code:</p>
<h3>${secretLoginCode}</h3></body></html>`
},
Text: {
Charset: "UTF-8",
Data: `Your OTP login code: ${secretLoginCode}`
}
},
Subject: {
Charset: "UTF-8",
Data: "OTP code"
}
},
Source: "noreply@my-own-verified-domain.com"
};
// Create the promise and SES service object
var sendPromise = new AWS.SES({apiVersion: '2010-12-01'}).sendEmail(params).promise();
// Handle promise's fulfilled/rejected states
sendPromise.then(
function(data) {
console.log(data.MessageId);
}).catch(
function(err) {
console.error(err, err.stack); // This is where the error shown is from
console.log(params);
});
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "*"
}
]
}