Install AWS CLI, create a new AWS IAM user for SES, configure and add SES user policy, create user’s IAM access keys, obtain SES SMTP credentials by converting AWS IAM credentials, configure SSMTP and send a test email.
Before We Begin
This article assumes you already have the following:
- AWS SES account configured for production access.
- A verified AWS SES sender (i.e. [email protected]).
- An IAM user’s credentials with at least the following permissions set:
{ "Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:CreateUser",
"iam:PutUserPolicy"
],
"Resource": [ "*" ]
}]
}
Installation (Debian Wheezy)
Install awscli:
# apt-get install python2.7 python-pip # pip install awscli
Configuration
Configure awscli if using for the first time:
$ aws configure AWS Access Key ID [****************1234]: AWS Secret Access Key [****************ABCD]: Default region name [eu-west-1]: Default output format [text]: json
Create a SES user policy:
$ cat > ./sespolicy.json << EOL
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ses:SendRawEmail",
"Resource": "*"
}
]
}
EOL
Create a new IAM user for SES:
$ aws iam create-user --user-name SES-USER
{
"User": {
"UserName": "SES-USER",
"Path": "/",
"CreateDate": "2014-10-14T14:52:34.455Z",
"UserId": "AIDAJ33BKAWUSF2MVOD3Q",
"Arn": "arn:aws:iam::297649722856:user/SES-USER"
}
}
Add a SES policy:
$ aws iam put-user-policy --user-name SES-USER --policy-name SESPOLICY --policy-document file://sespolicy.json
Create access keys:
$ aws iam create-access-key --user-name SES-USER
{
"AccessKey": {
"UserName": "SES-USER",
"Status": "Active",
"CreateDate": "2014-10-14T14:53:00.375Z",
"SecretAccessKey": "SecretAccessKey012345example",
"AccessKeyId": "AccessKeyId01example"
}
}
Obtain Amazon SES SMTP Credentials by Converting AWS Credentials
Install OpenSSL and git.
# apt-get install openssl git
Get a bash SES SMTP converter from GitHub:
$ git clone https://github.com/lisenet/ses-smtp-converter.git
Change to folder and make the script executable:
$ cd ./ses-smtp-converter $ chmod u+x ./ses-smtp-conv.sh
Convert an IAM secret access key to a SES SMTP password:
$ ./ses-smtp-conv.sh AccessKeyId01example SecretAccessKey012345example SMTP User: AccessKeyId01example SMTP Pass: AqXIiv3i1pvh0eL3bTx5Sgg6aLagF8pPBcCBpake/c0C
Note: you can also obtain Amazon SES SMTP credentials by using the Amazon SES console.
Configuring SSMTP and Sending a Test Email
Install SSMTP and heirloom-mailx (an intelligent mail processing system):
# apt-get install ssmtp heirloom-mailx
Confgiure SSMTP to use AWS SES:
# cat > /etc/ssmtp/ssmtp.conf << EOL [email protected] mailhub=email-smtp.eu-west-1.amazonaws.com:465 AuthUser=AccessKeyId01example AuthPass=AqXIiv3i1pvh0eL3bTx5Sgg6aLagF8pPBcCBpake/c0C UseTLS=YES AuthMethod=LOGIN FromLineOverride=YES EOL
Send a test email:
$ echo test | mail -v -s "testing ssmtp setup" -r [email protected] [email protected] [<-] 220 email-smtp.amazonaws.com ESMTP SimpleEmailService-871993721 qbd1g98DBizYgNNflWpP [->] EHLO debian [<-] 250 Ok [->] AUTH LOGIN [<-] 334 VXNlcm5hbWU6 [->] QUtJQUpXT0JZTDJRUlFRVVZGWFE= [<-] 334 UGFzc3dvcmQ6 [<-] 235 Authentication successful. [->] MAIL FROM:<[email protected]> [<-] 250 Ok [->] RCPT TO:<[email protected]> [<-] 250 Ok [->] DATA [<-] 354 End data with . [->] Received: by debian (sSMTP sendmail emulation); Tue, 14 Oct 2014 15:56:04 +0100 [->] Date: Tue, 14 Oct 2014 15:56:04 +0100 [->] From: [email protected] [->] To: [email protected] [->] Subject: testing ssmtp setup [->] Message-ID: <543d3984.hSR4l1twBhlkXO4Q%[email protected]> [->] User-Agent: Heirloom mailx 12.5 6/20/10 [->] MIME-Version: 1.0 [->] Content-Type: text/plain; charset=us-ascii [->] Content-Transfer-Encoding: 7bit [->] [->] test [->] . [<-] 250 Ok 000001490f28b40a-8a1ff40b-53e7-4213-a277-b7256887725a-000000 [->] QUIT [<-] 221 Bye