[英]Creating AWS SES SMTP credentials using IAM Role
I am trying to use an IAM Role that I have attached to an EC2 instance to generate a set of AWS SES SMTP credentials.我正在尝试使用附加到 EC2 实例的 IAM 角色来生成一组 AWS SES SMTP 凭证。 However, after using the script given by Amazon to generate the SMTP Password from the Secret_Key of the IAM Role, and using the Access_Key_ID of the IAM Role, when trying to send an email via django.core.mail, I get error
(535, b'Authentication Credentials Invalid')
.但是,在使用亚马逊提供的脚本从 IAM 角色的 Secret_Key 生成 SMTP 密码并使用 IAM 角色的 Access_Key_ID 后,当尝试通过 Z2B9AFB89A6ACC1575B159BFCA 发送
(535, b'Authentication Credentials Invalid')
时,错误(535, b'Authentication Credentials Invalid')
。
This is how I am sending the email:这就是我发送 email 的方式:
#django.core.mail
EMAIL_USE_TLS = True
EMAIL_HOST = 'email-smtp.us-east-1.amazonaws.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = credentials.access_key
EMAIL_HOST_PASSWORD = SMTP_PASSWORD
send_mail(
'Subject here',
'Here is the message.',
'from@example.com',
['to@example.com'],
fail_silently=False,
)
And how am I generating the password:我如何生成密码:
session = boto3.session.Session()
credentials = session.get_credentials().get_frozen_credentials()
region = requests.get('http://169.254.169.254/latest/dynamic/instance-identity/document').json()['region']
SMTP_PASSWORD = smtp_credentials_generate.calculate_key(secret_access_key=credentials.secret_key, region=region)
The SMTP Password generate script is here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html . SMTP 密码生成脚本在这里: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.ZFC35FDC70D5FC69D269883A82E2C
Through some research, I found these links that say you cannot use an IAM Role to use generate SMTP credentials:通过一些研究,我发现这些链接表明您不能使用 IAM 角色来生成 SMTP 凭证:
https://serverfault.com/questions/584789/is-it-possible-to-send-email-via-the-amazon-ses-smtp-service-with-a-iam-role-acc https://hector.dev/2015/01/17/sending-e-mail-via-amazon-ses-over-smtp-with-iam-roles.html https://serverfault.com/questions/584789/is-it-possible-to-send-email-via-the-amazon-ses-smtp-service-with-a-iam-role-acc https://hector .dev/2015/01/17/sending-e-mail-via-amazon-ses-over-smtp-with-iam-roles.html
However, Amazons official QA says that it is possible: https://aws.amazon.com/premiumsupport/knowledge-center/ses-create-smtp-credentials/但是,亚马逊官方 QA 说有可能: https://aws.amazon.com/premiumsupport/knowledge-center/ses-create-smtp-credentials/
Important: The IAM user or role that you use to create the SMTP credentials...
重要提示:您用于创建 SMTP 凭证的 IAM 用户或角色...
So is it possible or not?那么有没有可能呢? What am I doing wrong?
我究竟做错了什么?
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
Don't use temporary AWS credentials to derive SMTP credentials.
不要使用临时 AWS 凭证来派生 SMTP 凭证。 The Amazon SES SMTP interface doesn't support SMTP credentials that have been generated from temporary security credentials.
Amazon SES SMTP 接口不支持从临时安全凭证生成的 SMTP 凭证。
Regarding the Amazon official QA that you referenced, it's saying that you can use the role to create SMTP credentials in the web console .关于您引用的亚马逊官方 QA,据说您可以使用该角色在 web 控制台中创建 SMTP 凭证。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.