Configure AWS IAM User Account to Send Emails via SES by Using AWS CLI

Install AWS CLI, create a new AWS IAM user for SES, configure and add SES user policy, create user’s IAM access keys, obtain SES SMTP credentials by converting AWS IAM credentials, configure SSMTP and send a test email. 

Before We Begin

This article assumes you already have the following:

  1. AWS SES account configured for production access.
  2. A verified AWS SES sender (i.e. [email protected]).
  3. An IAM user’s credentials with at least the following permissions set:
{ "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:CreateAccessKey",
        "iam:CreateUser",
        "iam:PutUserPolicy"
      ],
      "Resource": [ "*" ]
    }]
}

Installation (Debian Wheezy)

Install awscli:

# apt-get install python2.7 python-pip
# pip install awscli

Configuration

Configure awscli if using for the first time:

$ aws configure
AWS Access Key ID [****************1234]: 
AWS Secret Access Key [****************ABCD]: 
Default region name [eu-west-1]: 
Default output format [text]: json

Create a SES user policy:

$ cat > ./sespolicy.json << EOL
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ses:SendRawEmail",
      "Resource": "*"
    }
  ]
}
EOL

Create a new IAM user for SES:

$ aws iam create-user --user-name SES-USER
{
    "User": {
        "UserName": "SES-USER", 
        "Path": "/", 
        "CreateDate": "2014-10-14T14:52:34.455Z", 
        "UserId": "AIDAJ33BKAWUSF2MVOD3Q", 
        "Arn": "arn:aws:iam::297649722856:user/SES-USER"
    }
}

Add a SES policy:

$ aws iam put-user-policy --user-name SES-USER --policy-name SESPOLICY --policy-document file://sespolicy.json

Create access keys:

$ aws iam create-access-key --user-name SES-USER
{
    "AccessKey": {
        "UserName": "SES-USER", 
        "Status": "Active", 
        "CreateDate": "2014-10-14T14:53:00.375Z", 
        "SecretAccessKey": "SecretAccessKey012345example", 
        "AccessKeyId": "AccessKeyId01example"
    }
}

Obtain Amazon SES SMTP Credentials by Converting AWS Credentials

Install OpenSSL and git.

# apt-get install openssl git

Get a bash SES SMTP converter from GitHub:

$ git clone https://github.com/lisenet/ses-smtp-converter.git

Change to folder and make the script executable:

$ cd ./ses-smtp-converter
$ chmod u+x ./ses-smtp-conv.sh

Convert an IAM secret access key to a SES SMTP password:

$ ./ses-smtp-conv.sh AccessKeyId01example SecretAccessKey012345example
SMTP User: AccessKeyId01example
SMTP Pass: AqXIiv3i1pvh0eL3bTx5Sgg6aLagF8pPBcCBpake/c0C

Note: you can also obtain Amazon SES SMTP credentials by using the Amazon SES console.

Configuring SSMTP and Sending a Test Email

Install SSMTP and heirloom-mailx (an intelligent mail processing system):

# apt-get install ssmtp heirloom-mailx

Confgiure SSMTP to use AWS SES:

# cat > /etc/ssmtp/ssmtp.conf << EOL
[email protected]
mailhub=email-smtp.eu-west-1.amazonaws.com:465
AuthUser=AccessKeyId01example
AuthPass=AqXIiv3i1pvh0eL3bTx5Sgg6aLagF8pPBcCBpake/c0C
UseTLS=YES
AuthMethod=LOGIN
FromLineOverride=YES
EOL

Send a test email:

$ echo test | mail -v -s "testing ssmtp setup" -r [email protected] [email protected]
[<-] 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-871993721 qbd1g98DBizYgNNflWpP [->] EHLO debian
[<-] 250 Ok [->] AUTH LOGIN
[<-] 334 VXNlcm5hbWU6 [->] QUtJQUpXT0JZTDJRUlFRVVZGWFE=
[<-] 334 UGFzc3dvcmQ6
[<-] 235 Authentication successful. [->] MAIL FROM:<[email protected]>
[<-] 250 Ok [->] RCPT TO:<[email protected]>
[<-] 250 Ok [->] DATA
[<-] 354 End data with .
[->] Received: by debian (sSMTP sendmail emulation); Tue, 14 Oct 2014 15:56:04 +0100
[->] Date: Tue, 14 Oct 2014 15:56:04 +0100
[->] From: [email protected]
[->] To: [email protected]
[->] Subject: testing ssmtp setup
[->] Message-ID: <543d3984.hSR4l1twBhlkXO4Q%[email protected]>
[->] User-Agent: Heirloom mailx 12.5 6/20/10
[->] MIME-Version: 1.0
[->] Content-Type: text/plain; charset=us-ascii
[->] Content-Transfer-Encoding: 7bit
[->] 
[->] test
[->] .
[<-] 250 Ok 000001490f28b40a-8a1ff40b-53e7-4213-a277-b7256887725a-000000 [->] QUIT
[<-] 221 Bye

Leave a Reply

Your email address will not be published. Required fields are marked *