Menu
It is possible to use IAM credentials to allow to send mails from specific sender?
I mean, for example, I have two different domains and senders configurated into SES: [email protected] and [email protected]. Is there any way to limit a IAM user and its credentials to just send mails from [email protected]?
I tried to specify a condition in a IAM policy defined into to the user permissions. However I could not find a condition that can solve my problem.
Also I tried to solve the issue using STMP credentials, but I have the same problem. Any ideas?
491
This may have changed since the original answer. You can now do something like:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["ses:SendEmail"],
"Resource":"*",
"Condition": {
"StringEquals": {
"ses:FromAddress": "[email protected]"
}
}
}
]
}
The AWS docs now reflect this: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html
99
It is possible to use IAM credentials to allow to send mails from specific sender?
NO
See: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html
You can't specify a particular Amazon SES resource in an IAM policy. You only control access to Amazon SES actions. Therefore, Amazon SES does not use Amazon Resource Names (ARNs), which identify resources in a policy. When you write a policy to control access to Amazon SES actions, you use * as the resource.
(emphasis mine)
You can control what API calls IAM accounts can make(like ses:SendEmail), but you can not restrict what parameters they can use with those API calls(like the source email address)
42
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
