使用 IAM 角色创建 AWS SES SMTP 凭证
Creating AWS SES SMTP credentials using IAM Role
我正在尝试使用附加到 EC2 实例的 IAM 角色来生成一组 AWS SES SMTP 凭证。但是,在使用亚马逊提供的脚本从 IAM 角色的 Secret_Key 生成 SMTP 密码,并使用 IAM 角色的 Access_Key_ID 后,当尝试通过 [=34= 发送电子邮件时], 我收到错误 (535, b'Authentication Credentials Invalid').
这是我发送电子邮件的方式:
#django.core.mail
EMAIL_USE_TLS = True
EMAIL_HOST = 'email-smtp.us-east-1.amazonaws.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = credentials.access_key
EMAIL_HOST_PASSWORD = SMTP_PASSWORD
send_mail(
'Subject here',
'Here is the message.',
'from@example.com',
['to@example.com'],
fail_silently=False,
)
以及我如何生成密码:
session = boto3.session.Session()
credentials = session.get_credentials().get_frozen_credentials()
region = requests.get('http://169.254.169.254/latest/dynamic/instance-identity/document').json()['region']
SMTP_PASSWORD = smtp_credentials_generate.calculate_key(secret_access_key=credentials.secret_key, region=region)
SMTP 密码生成脚本在这里:https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html。
通过一些研究,我发现这些链接表明您不能使用 IAM 角色来生成 SMTP 凭据:
https://serverfault.com/questions/584789/is-it-possible-to-send-email-via-the-amazon-ses-smtp-service-with-a-iam-role-acc
https://hector.dev/2015/01/17/sending-e-mail-via-amazon-ses-over-smtp-with-iam-roles.html
但是亚马逊官方QA说是可以的:
https://aws.amazon.com/premiumsupport/knowledge-center/ses-create-smtp-credentials/
Important: The IAM user or role that you use to create the SMTP credentials...
所以可以吗?我做错了什么?
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
Don't use temporary AWS credentials to derive SMTP credentials. The Amazon SES SMTP interface doesn't support SMTP credentials that have been generated from temporary security credentials.
关于您引用的亚马逊官方 QA,它说您可以使用该角色在 Web 控制台中创建 SMTP 凭据。
我正在尝试使用附加到 EC2 实例的 IAM 角色来生成一组 AWS SES SMTP 凭证。但是,在使用亚马逊提供的脚本从 IAM 角色的 Secret_Key 生成 SMTP 密码,并使用 IAM 角色的 Access_Key_ID 后,当尝试通过 [=34= 发送电子邮件时], 我收到错误 (535, b'Authentication Credentials Invalid').
这是我发送电子邮件的方式:
#django.core.mail
EMAIL_USE_TLS = True
EMAIL_HOST = 'email-smtp.us-east-1.amazonaws.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = credentials.access_key
EMAIL_HOST_PASSWORD = SMTP_PASSWORD
send_mail(
'Subject here',
'Here is the message.',
'from@example.com',
['to@example.com'],
fail_silently=False,
)
以及我如何生成密码:
session = boto3.session.Session()
credentials = session.get_credentials().get_frozen_credentials()
region = requests.get('http://169.254.169.254/latest/dynamic/instance-identity/document').json()['region']
SMTP_PASSWORD = smtp_credentials_generate.calculate_key(secret_access_key=credentials.secret_key, region=region)
SMTP 密码生成脚本在这里:https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html。
通过一些研究,我发现这些链接表明您不能使用 IAM 角色来生成 SMTP 凭据:
https://serverfault.com/questions/584789/is-it-possible-to-send-email-via-the-amazon-ses-smtp-service-with-a-iam-role-acc https://hector.dev/2015/01/17/sending-e-mail-via-amazon-ses-over-smtp-with-iam-roles.html
但是亚马逊官方QA说是可以的: https://aws.amazon.com/premiumsupport/knowledge-center/ses-create-smtp-credentials/
Important: The IAM user or role that you use to create the SMTP credentials...
所以可以吗?我做错了什么?
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
Don't use temporary AWS credentials to derive SMTP credentials. The Amazon SES SMTP interface doesn't support SMTP credentials that have been generated from temporary security credentials.
关于您引用的亚马逊官方 QA,它说您可以使用该角色在 Web 控制台中创建 SMTP 凭据。