如何解决AWS Amplify SES sendmail AccessDenied
我想使用简单电子邮件服务(SES)使用AWS Amplify后端发送电子邮件,但是我一直在这里以及在互联网上不断获取AccessDenied和许多其他答案,说要为sendmail和sendrawemail设置IAM权限,我已经完成了。
这是错误消息:
2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a3596 ERROR { AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com'
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)
at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
message:
'User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'',code: 'AccessDenied',time: 2020-08-30T02:19:20.541Z,requestId: 'ab8175a1-af65-443f-9114-248e240ce7f8',statusCode: 403,retryable: false,retryDelay: 14.074425708542204 } 'AccessDenied: User `arn:aws:sts::mynumericalusernumber:assumed-role/myamplifyappCreateAuthChallenge-sampledev/myamplifyappCreateAuthChallenge-sampledev\' is not authorized to perform `ses:SendEmail\' on resource `arn:aws:ses:us-west-2:mynumericalusernumber:identity/theaddressiamtryingtosendto@gmail.com\'\n at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/query.js:50:29)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:78:10)\n at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:688:14)\n at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)\n at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)\n at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10\n at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)\n at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:690:12)\n at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:116:18)'
2020-08-30T02:19:20.544Z f3980a87-cac0-4f51-9024-d2f92a8a35
这是在针对OTP(一次性密码)的创建身份验证挑战中发生的,这是代码
/* tslint:disable */
/* eslint-disable */
const AWS = require('aws-sdk');
exports.handler = (event,context,callback) => {
//Create a random number for otp
const challengeAnswer = Math.random().toString(10).substr(2,6);
const phoneNumber = event.request.userAttributes.phone_number;
sendEmail('theaddressiamtryingtosendto@gmail.com',challengeAnswer)
//For Debugging
console.log(event,context);
//set return params
event.response.privateChallengeParameters = {};
event.response.privateChallengeParameters.answer = challengeAnswer;
event.response.challengeMetadata = 'CUSTOM_CHALLENGE';
console.log("My log");
callback(null,event);
};
function sendEmail(emailAddress,secretLoginCode) {
console.log(emailAddress,secretLoginCode);
// Load the AWS SDK for Node.js
// Set the region
AWS.config.update({region: 'us-west-2'});
// Create sendEmail params
var params = {
Destination: {
ToAddresses: [
emailAddress
]
},Message: {
Body: {
Html: {
Charset: "UTF-8",Data: `<html><body><p>This is your OTP login code:</p>
<h3>${secretLoginCode}</h3></body></html>`
},Text: {
Charset: "UTF-8",Data: `Your OTP login code: ${secretLoginCode}`
}
},Subject: {
Charset: "UTF-8",Data: "OTP code"
}
},Source: "noreply@my-own-verified-domain.com"
};
// Create the promise and SES service object
var sendPromise = new AWS.SES({apiVersion: '2010-12-01'}).sendEmail(params).promise();
// Handle promise's fulfilled/rejected states
sendPromise.then(
function(data) {
console.log(data.MessageId);
}).catch(
function(err) {
console.error(err,err.stack); // This is where the error shown is from
console.log(params);
});
}
我对用户的IAM权限
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Action": [
"ses:SendEmail","ses:SendRawEmail"
],"Resource": "*"
}
]
}
我仍然遇到相同的错误,所以我添加了这个
域验证说
- 验证状态已验证
- DKIM状态已验证
- 已启用发送“是”
SES处于沙盒模式,我已经验证了addressiamtryingtosendto@gmail.com,并且测试电子邮件已到达收件箱。
我觉得我已经正确地完成了所有工作,所以我想念它什么呢?
解决方法
@Marcin将我引向解决方案,应该对此致以敬意
我已将IAM权限附加到IAM用户而不是lambda /角色。完成后,它就开始工作了。
我仍然不确定IAM用户和角色是否需要相同的权限。有点害怕现在对此进行更改,但是如果有人知道,请发表评论。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。