SES Send Email fails with permission denied

Mint_IT_Media · November 5, 2022, 5:09pm

I’m facing the same issue as the one posted here:

Lambda function:
https://calendar.luptico.com/.netlify/functions/send-email

code can be found here:
https://github.com/garciadiazjaime/website-calendar/blob/main/netlify/functions/send-email.js

error

{
status: "NOT_SEND",
message: "AccessDenied: User `arn:aws:iam::117428681856:user/valle' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-east-1:117428681856:identity/*****@****.com'",
}

is there a way to add ses:SendEmail permission to the lambda function?

Thanks.

hrishikesh · November 6, 2022, 2:21pm

Hey @Mint_IT_Media,

Since Netlify Functions run on AWS in Netlify’s AWS accounts, I don’t think this is supposed to work. I haven’t checked the AWS docs, but unless they provide a way to specify which account to use SES from, this would not work.

If AWS doesn’t provide a way to do that, on the Enterprise plan, we allow users to deploy Netlify Functions to their own AWS account where you can manage this setting yourself.

Mint_IT_Media · November 6, 2022, 6:13pm

got it, thanks for answering!

arisingco · October 15, 2023, 1:24am

Hey @hrishikesh ,

I’m facing this same issue for one of my netlify projects (but not for a different project).
Is this permission issue only happening with serverless functions?
If I didn’t use a serverless function, could the AWS SES send an email?

arisingco · October 15, 2023, 2:40am

NVM. I was able to find a solution. I simply renamed my variables from SES_ACCESS_KEY to SES_ACCESS and SES_SECRET_KEY to SES_SECRET.

That seems to have allowed me to use AWS SES.