
How can I generate AWS SES SMTP credentials using the CDK?

There is a manual on how to obtain SMTP credentials using GUI:

Obtaining Amazon SES SMTP credentials using the Amazon SES console

Is there a way to achieve this using Amazon CDK? So far, I've tried using aws-ses package with zero luck.

I don't expect you to write the code for me, just point me in the right direction.

Describing a workflow will do just fine, thanks.

Obtaining Amazon SES SMTP credentials requires the below IAM policies per the docs:

Your IAM policy must allow you to perform the following IAM actions: iam:ListUsers, iam:CreateUser, iam:CreateAccessKey, and iam:PutUserPolicy.

What happens behind the GUI is:

  1. An IAM user name is either inputted (and validated using iam:ListUsers) or is created (using iam:CreateUser)
  2. An inline policy is added to the user's permissions (using iam:PutUserPolicy) to grant them access to perform ses:SendRawEmail:

"Statement":[{"Effect":"Allow","Action":"ses:SendRawEmail","Resource":"*"}]

  3. SMTP credentials are then generated for the above user (using iam:CreateAccessKey)

You essentially need to do the above using the @aws-cdk/aws-iam module, not the @aws-cdk/aws-ses module (as that's for actually using SES).


For extra confirmation, here's the AWS console mentioning the above:


The accepted answer does not answer how to generate SMTP credentials in CDK as far as I see.

First you need to create an IAM User and a CfnAccessKey for this user.
Then the SMTP password needs to be generated from the Secret Access Key as documented here:
https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert

As far as I see the only way to do this in CDK is by using a CustomResource.
An example of such an implementation can be found here:
https://github.com/binxio/cfn-secret-provider/blob/master/src/cfn_accesskey_provider.py

However, as also mentioned in the README ( https://github.com/isotoma/ses-smtp-credentials-cdk#nota-bene-confidentiality-of-keys ),
the SMTP password should not be returned from the CustomResource, but instead stored as a Secret.
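
The conversion step and the confidentiality point from the answer above, as an added example that is not part of the original answers or of either linked project. It follows the key-derivation procedure in the linked AWS documentation; `handle_create`, `put_secret`, the secret name and all sample values are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

# Fixed inputs from the AWS SES key-derivation procedure linked in the answer.
_DATE, _SERVICE, _TERMINAL, _MESSAGE = "11111111", "ses", "aws4_request", "SendRawEmail"
_VERSION = b"\x04"


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def smtp_password(secret_access_key: str, region: str) -> str:
    """Derive the SES SMTP password for one region from an IAM secret access key."""
    if not secret_access_key or not region:
        raise ValueError("secret_access_key and region are required")
    sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), _DATE)
    for part in (region, _SERVICE, _TERMINAL, _MESSAGE):
        sig = _sign(sig, part)
    # Version byte followed by the final HMAC, base64-encoded.
    return base64.b64encode(_VERSION + sig).decode("ascii")


def handle_create(access_key_id, secret_access_key, region, put_secret, secret_name):
    """Hypothetical body of a custom-resource Create handler.

    put_secret(name, value) is an injected callable (assumption: in a real
    Lambda it would wrap a secrets store). The derived password goes only to
    that store; the response returned to CloudFormation carries no secret.
    """
    put_secret(secret_name, smtp_password(secret_access_key, region))
    return {
        "PhysicalResourceId": access_key_id,
        # The SMTP user name is the access key ID, which is not secret.
        "Data": {"SMTPUsername": access_key_id, "SecretName": secret_name},
    }


if __name__ == "__main__":
    store = {}  # stands in for a secrets store; constructed sample values below
    response = handle_create("AKIAEXAMPLEKEYID0000", "constructed-not-a-real-secret",
                             "eu-west-1", store.__setitem__, "ses/smtp-password")
    print(response)
```

The derived password is region-specific, so a stack that sends through SES in more than one region needs one derived password per region from the same access key.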
