Laravel AWS SES - 403 Forbidden - SignatureDoesNotMatch when trying to send email

Question

I'm using the SES Driver "aws/aws-sdk-php" in my Laravel app to send out email via AWS SES(Simple Email Service).

The access key and secret were generated from the SES console > SMTP Settings > Create My SMTP Credentials button.

The credentials are being saved in the production .env file as such:

...
MAIL_FROM_ADDRESS=noreply@example.com
MAIL_FROM_NAME="My Laravel App"

SES_KEY=**********
SES_SECRET=*********
SES_REGION=us-east-1
...

Previously, we already tested with another set of SMTP credentials generated from another AWS account during development, and it works without any issues. Emails are being sent out as expected. It even works when using the Keys in a local environment.

However, when we are preparing for a production server on another AWS account, the SMTP credentials generated from SES doesn't seem to be working at all, and we are getting the following 403 Forbidden response:

[2019-07-09 16:22:55] production.ERROR: Error executing "SendRawEmail" on "https://email.us-east-1.amazonaws.com"; AWS HTTP error: Client error: `POST https://email.us-east-1.amazonaws.com` resulted in a `403 Forbidden` response:
<ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDo (truncated...)
 SignatureDoesNotMatch (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - <ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
  </Error>
  <RequestId>123abc123-44d3-aa33-vv33-bb1234gg9g1c</RequestId>
</ErrorResponse>
 {"exception":"[object] (Aws\\Ses\\Exception\\SesException(code: 0): Error executing \"SendRawEmail\" on \"https://email.us-east-1.amazonaws.com\"; AWS HTTP error: Client error: `POST https://email.us-east-1.amazonaws.com` resulted in a `403 Forbidden` response:
<ErrorResponse xmlns=\"http://ses.amazonaws.com/doc/2010-12-01/\">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDo (truncated...)
 SignatureDoesNotMatch (client): The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. - <ErrorResponse xmlns=\"http://ses.amazonaws.com/doc/2010-12-01/\">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDoesNotMatch</Code>
    <Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
  </Error>
  <RequestId>123abc123-44d3-aa33-vv33-bb1234gg9g1c</RequestId>
</ErrorResponse>
 at /var/www/laravel/myapp/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php:191, GuzzleHttp\\Exception\\ClientException(code: 403): Client error: `POST https://email.us-east-1.amazonaws.com` resulted in a `403 Forbidden` response:
<ErrorResponse xmlns=\"http://ses.amazonaws.com/doc/2010-12-01/\">
  <Error>
    <Type>Sender</Type>
    <Code>SignatureDo (truncated...)

I tried generating another pair of access keys but still the same.

Note that we have successfully verified our domain and Email Address on SES, and tested sending out email from the verified Email Address via the SES console successfully.

Any help as to what is causing the error is greatly appreciated.

Answer 1

Solved.

I must create an IAM credentials from AWS console instead of SMTP credentials if I'm using SES driver.