
Impact of migrating to Signature Version 4 in AWS SES where we use AWS SES SMTP credentials in sending email in PHP application?

We have recently got an email from Amazon.

Hello,

Amazon Web Services currently supports Amazon SES API requests that are signed using Signature 
Version 3 and Signature Version 4 processes. Signature Version 4 further enhances the security around 
authentication and authorization of Amazon SES customers by using a signing key instead of your 
secret access key. To improve the security for our customers, beginning October 1, 2020, Amazon 
Signature Version 3 will be turned off (deprecated) in Amazon SES in favor of Signature Version 4.

Amazon SES customers who are still using Signature Version 3 must migrate to Signature Version 4 by 
September 30, 2020. After that, Amazon SES will only accept requests that are signed using Signature 
Version 4. For more information, see Signature Version 4 signing process [1].

What Happens if I Don't Make Updates?

Requests signed with Signature Version 3 that are made after September 30, 2020 will fail to 
authenticate with Amazon SES. Requesters will see errors stating that the request must be signed with 
Signature Version 4.

References:
[1] https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html

Sincerely,
Amazon Web Services

Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of 
Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry 
Ave. North, Seattle, WA 98109-5210

We have several PHP CodeIgniter applications where we use Amazon SES SMTP credentials to send email. We don't use AWS Access Key & Secret Key to send email. So I assume this migration to Signature Version 4 won't affect our application. Can anyone assure me that my assumption is correct?

Rockers Niloy asked Jul 29 '20 09:07




2 Answers

If you’re using SMTP to send emails using SES, SigV4 shouldn’t affect you; it’s only for SendEmail or SendRawEmail API calls.

James Dean answered Oct 19 '22 19:10


If you are using SES SMTP credentials to send emails using SMTP you may still be affected. SES SMTP credentials are signed, and previous to February 2019 AWS used SignatureV2 when generating credentials via the SES console. A forum post from an AWS employee confirms this:

If you are referring to the communication sent to a few customers to migrate from V2 credentials to V4 credentials for Smtp, yes, even if you don't use the SDK, you have to do that.

Chris Schwerdt answered Oct 19 '22 17:10
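To check which scheme an existing SES SMTP password was derived with, the following added example (not part of either answer, and not AWS's own code) reads the version byte that prefixes the signature. It assumes the password layout AWS documents for converting a secret access key into an SMTP password: base64 of a one-byte version (0x02 legacy, 0x04 SigV4) followed by a 32-byte HMAC-SHA256. The function names, secret key and region are constructed for illustration.

```python
import base64
import hashlib
import hmac


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def derive_v2(secret_key: str) -> str:
    """Legacy scheme: base64(0x02 || HMAC-SHA256(secret, "SendRawEmail"))."""
    sig = _hmac(secret_key.encode("utf-8"), "SendRawEmail")
    return base64.b64encode(b"\x02" + sig).decode("ascii")


def derive_v4(secret_key: str, region: str) -> str:
    """SigV4 scheme: base64(0x04 || chained HMAC), bound to one region."""
    key = ("AWS4" + secret_key).encode("utf-8")
    # Fixed date, then region, service, terminator and message, as in SigV4.
    for part in ("11111111", region, "ses", "aws4_request", "SendRawEmail"):
        key = _hmac(key, part)
    return base64.b64encode(b"\x04" + key).decode("ascii")


def smtp_password_version(smtp_password: str) -> int:
    """Return the scheme version byte (2 or 4) carried in an SMTP password."""
    try:
        raw = base64.b64decode(smtp_password, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("SMTP password is not valid base64") from exc
    if len(raw) != 33 or raw[0] not in (2, 4):
        raise ValueError("not a recognised SES SMTP password layout")
    return raw[0]


if __name__ == "__main__":
    secret = "CONSTRUCTED-SECRET-KEY-NOT-REAL"  # constructed sample value
    for label, pw in (("legacy", derive_v2(secret)),
                      ("sigv4", derive_v4(secret, "us-east-1"))):
        # Print only the version, never the password itself.
        print(label, "-> version", smtp_password_version(pw))
```

Because the version byte is the first byte before base64 encoding, a legacy password begins with "A" and a SigV4 password with "B", which allows a quick check of a stored credential without decoding it.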