*** UPDATE: This project was migrated from CodePlex to GitHub ***
Obtaining Your Amazon SES SMTP Credentials can be more confusing than one would think. If you find yourself having difficulty authenticating to SES with the credentials that you got from the AWS Console, fret not, it's likely a simple fix.
It is possible to create an IAM user both from the IAM and SES area of the Console. Depending on the path you take, your SES user's username and any manually generated password may not be used for SES authentication. Your SES Access Key is used as the username; however, the related Secret Key is not used as-is for this purpose.
Required IAM Policy
Be sure you have given your IAM user the necessary permissions to relay email through SES. Use the following "least-privilege" policy snippet:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ses:SendRawEmail",
"Resource": "*"
}
]
}
Manual Credential Generation
The Amazon Web Services (AWS) Simple Email Service (SES) SMTP Credential Generator uses your IAM user secret key to create a signing hash for sending raw email via SES. This signing token allows you to relay email through SES with the format specified by you at the time of sending. It does not store or otherwise send your credentials anywhere and is completely safe to use.
Note: The SendEmail permission enables a user to provide input via the API that SES uses to construct a message, whereas SendRawEmail enables a user to relay an already formatted email message (complying with RFC 5322).