
Access Denied while sending email from AWS SES in Lambda function

I am trying to send an email using Amazon SES in an AWS Lambda function. For this I am facing the following error.

AccessDenied: User `arn:aws:sts::XXXXX:assumed-role/lambda_basic_execution/awslambda_XXXX' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-west-2:XXX:identity/[email protected]'

I have granted permission for

"ses:SendEmail", "ses:SendRawEmail" for the IAM role.

RakeshKalwa asked Jan 22 '16 14:01



4 Answers

So, I was also having the same problem that Rakesh has explained, but couldn't understand the steps he was saying to do, so here is a detailed explanation with steps.

You need to do the following: Security, Identity & Compliance -> IAM -> Roles -> select your lambda function -> then edit policy -> open it in JSON and add the below part:

{
  "Effect": "Allow",
  "Action": [
    "ses:SendEmail",
    "ses:SendRawEmail"
  ],
  "Resource": "*"
}

Or you can do as per requirement from these policy examples: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html#iam-and-ses-examples-email-sending-actions

Also, you need to verify the email address first, so don't forget that. Hope this helps everyone.

Nishith answered Sep 22 '22 12:09


After long debugging I got the issue: the "lambda_basic_execution" role needs to be granted permission to access "ses:SendEmail", "ses:SendRawEmail".

I was trying to grant permission to the new IAM role I had created, but the Lambda function is mapped to "lambda_basic_execution", so there is a mismatch.

Reference - http://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html#iam-and-ses-examples-email-sending-actions

RakeshKalwa answered Sep 20 '22 12:09
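Added example, not part of any answer on this page: the AccessDenied message names the role the function actually ran as, so an offline check can parse it and evaluate that role's policy documents to expose the mismatch described in the answer above. The role name `my_new_ses_role`, the account id and the sender address are constructed placeholders, and the evaluator is a simplification that looks only at Effect, Action and Resource in identity policies.

```python
import re
from fnmatch import fnmatchcase

# Constructed error text in the shape quoted in the question (ids and address are placeholders).
SAMPLE_ERROR = (
    "AccessDenied: User `arn:aws:sts::111122223333:assumed-role/lambda_basic_execution/"
    "awslambda_123' is not authorized to perform `ses:SendEmail' on resource "
    "`arn:aws:ses:us-west-2:111122223333:identity/sender@example.com'"
)
# Constructed role -> policy documents: the SES grant sits on a role the function does not use.
ROLE_POLICIES = {
    "my_new_ses_role": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ses:SendEmail", "ses:SendRawEmail"], "Resource": "*"}]}],
    "lambda_basic_execution": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "logs:*", "Resource": "arn:aws:logs:*:*:*"}]}],
}

def parse_denial(message):
    """Return (role_name, action, resource) from an assumed-role AccessDenied message."""
    m = re.search(r"assumed-role/([^/]+)/\S+ is not authorized to perform\s*"
                  r"[`']?([\w-]+:\w+)'? on resource [`']?(arn:[^'\s]+)", message)
    if not m:
        raise ValueError("not an assumed-role AccessDenied message")
    return m.groups()

def _as_list(value):
    return value if isinstance(value, list) else [value]

def decision(policies, action, resource):
    """Explicit Deny wins, else any Allow, else implicit deny (no Condition/NotAction/SCPs)."""
    allowed = False
    for doc in policies:
        for st in _as_list(doc["Statement"]):
            # IAM action names are case-insensitive; resource ARNs are matched as written.
            hit = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(st.get("Action", [])))
            hit = hit and any(fnmatchcase(resource, r) for r in _as_list(st.get("Resource", [])))
            if not hit:
                continue
            if st["Effect"] == "Deny":
                return "explicit-deny"
            allowed = True
    return "allow" if allowed else "implicit-deny"

def diagnose(message, role_policies):
    """Report the role the function ran as, its decision, and other roles holding the grant."""
    role, action, resource = parse_denial(message)
    verdict = decision(role_policies.get(role, []), action, resource)
    elsewhere = sorted(r for r, p in role_policies.items()
                       if r != role and decision(p, action, resource) == "allow")
    return {"role": role, "action": action, "decision": verdict, "granted_on": elsewhere}
```

Calling `diagnose(SAMPLE_ERROR, ROLE_POLICIES)` reports an implicit deny for `lambda_basic_execution` and lists `my_new_ses_role` as the role that holds the grant.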


If you are configuring policies for a SAM Lambda or using a YAML configuration file, you would use something like this:

template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: 'your-email-lambda'

Resources:
  YourEmailFunction:
    Type: AWS::Serverless::Function
    Properties:
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 'ses:SendEmail'
                - 'ses:SendRawEmail'
              Resource: '*'

modsquadron answered Sep 18 '22 12:09


As others said, you should add these two permissions: ses:SendEmail, ses:SendRawEmail

I just want to add an explanation for those who use the Serverless framework.

In serverless.yml:

provider:
  name: aws
  stage: dev
  runtime: nodejs10.x
  region: us-west-1
  iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - lambda:InvokeFunction
        - ses:SendEmail            # add this
        - ses:SendRawEmail         # add this
      Resource: '*'                # add this

Abdelhadi Abdo answered Sep 18 '22 12:09