There is a manual on how to obtain SMTP credentials using GUI:
Obtaining Amazon SES SMTP credentials using the Amazon SES console
Is there a way to achieve this using Amazon CDK? So far, I've tried using aws-ses
package with zero luck.
I don't expect you to write the code for me, just point me to the right direction.
Describing a workflow will do just fine, thanks.
Obtaining Amazon SES SMTP credentials requires the below IAM policies per the docs :
Your IAM policy must allow you to perform the following IAM actions:
iam:ListUsers
,iam:CreateUser
,iam:CreateAccessKey
, andiam:PutUserPolicy
.
What happens behind the GUI is:
iam:ListUsers
) or is created (using iam:CreateUser
)iam:PutUserPolicy
) to grant them access to perform ses:SendRawEmail
:
"Statement":[{"Effect":"Allow","Action":"ses:SendRawEmail","Resource":"*"}]
iam:CreateAccessKey
) You essentially need to do the above using the @aws-cdk/aws-iam
module, not the @aws-cdk/aws-ses
module (as that's for actually using SES).
For extra confirmation, here's the AWS console mentioning the above:
The accepted answer does not answer how to generate SMTP credentials in CDK as far as I see.
First you need to create an IAM User and a CfnAccessKey for this user.
Then the SMTP password needs to be generated from the Secret Access Key as documented here:
https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert
As far as I see the only way to do this in CDK is by using a CustomResource.
An example of such an implementation can be found here:
https://github.com/binxio/cfn-secret-provider/blob/master/src/cfn_accesskey_provider.py
However, as also mentioned in the README ( https://github.com/isotoma/ses-smtp-credentials-cdk#nota-bene-confidentiality-of-keys ),
the STMP password should not be returned from the CustomResource, but instead stored as a Secret.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.