
How to Give Amazon SES Permission to Write to Your Amazon S3 Bucket

I want my SES (AWS) to be able to receive emails, so I followed this tutorial: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-getting-started-receipt-rule.html

When I got to the last step, creating the rule, it failed with the following error: Could not write to bucket: "email-receiving"

I googled and found that the information at http://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html can fix the issue.

However, when adding my policy statement, I get an error: This policy contains the following error: Has prohibited field Principal. For more information about the IAM policy grammar, see AWS IAM Policies.

My policy statement is:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "GiveSESPermissionToWriteEmail",
          "Effect": "Allow",
          "Principal": {
            "Service": [
              "ses.amazonaws.com"
            ]
          },
          "Action": [
            "s3:PutObject"
          ],
          "Resource": "arn:aws:s3:::mybulketname/*",
          "Condition": {
            "StringEquals": {
              "aws:Referer": "my12accountId"
            }
          }
        }
      ]
    }

If I take out

    "Principal": { "Service": [ "ses.amazonaws.com" ] }

the policy validation passes.

Thanks

Yun asked Jan 24 '17 03:01


1 Answer

I followed this advice but I was still having the issue. After much debugging, I realized that SES was failing to write because I had default server-side encryption (on the bucket) set to "AWS-KMS".

I did a 5-minute Google search and couldn't find this incompatibility documented anywhere.

You can work around this by updating your default encryption setting on the target bucket to either "AES-256" or "None".

JD D answered Oct 30 '22 06:10
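
An added example, not part of the question or the answer above: an offline check of a bucket policy and the bucket's default-encryption setting for the two conditions discussed on this page. The statement belongs in the bucket's own (resource-based) policy, because IAM identity-based policies do not accept a `Principal` element. The bucket name, account ID and finding labels are constructed; the `aws:kms` finding reflects what the answer above reported, and the encryption dictionary follows the shape of the S3 GetBucketEncryption response.

```python
import json

# Constructed sample inputs (not from a real account): the question's statement
# with placeholder names, and a GetBucketEncryption-shaped default-encryption config.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "GiveSESPermissionToWriteEmail",
    "Effect": "Allow",
    "Principal": {"Service": ["ses.amazonaws.com"]},
    "Action": ["s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*",
    "Condition": {"StringEquals": {"aws:Referer": "111122223333"}}
  }]
}""")
ENCRYPTION = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}
# Condition keys that tie the SES grant to one account or rule (case-insensitive).
SCOPING_KEYS = {"aws:referer", "aws:sourceaccount", "aws:sourcearn"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def ses_statements(policy, bucket):
    """Yield Allow statements letting ses.amazonaws.com PutObject into bucket."""
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and "ses.amazonaws.com" in services
                and "s3:PutObject" in as_list(st.get("Action", []))
                and f"arn:aws:s3:::{bucket}/*" in as_list(st.get("Resource", []))):
            yield st

def check_ses_delivery(policy, encryption, bucket):
    """Return a list of findings; empty means nothing this check knows about."""
    findings = []
    matches = list(ses_statements(policy, bucket))
    if not matches:
        findings.append("no-ses-putobject-statement")
    for st in matches:
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if not keys & SCOPING_KEYS:  # any SES sender could write to the bucket
            findings.append("ses-statement-not-scoped-to-account")
    rules = encryption.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo == "aws:kms":  # the setting the answer above found SES failing on
            findings.append("default-encryption-aws-kms")
    return findings
```

The check only matches the literal `s3:PutObject` action and `arn:aws:s3:::<bucket>/*` resource, so wildcard grants are reported as missing.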