Still getting SIGv2 Utilization warning after updating my credentials

Same problem, just received this email: "We have observed Signature Version 2 requests (on an Amazon SES SMTP endpoint) originating from your account over the last week."

IAM doesn't show any activity for the old user since I regenerated the SMTP credentials 33 days ago.

Thanks.

This line in the email is somewhat misleading:

We have observed Signature Version 2 requests (on an Amazon SES SMTP endpoint) originating from your account over the last week

Got me thinking...could I have a server somewhere using the old credentials? I didn't think so.

So, if in IAM, I can see no activity on the old accounts then I am fine.

Steve

That's the correct way to verify it if you are getting your SMTP credentials from the SES console, absolutely.

There is another, rarer case: for the few customers that are self-signing an existing IAM user by using the sigv2 algorithm (either in their code, or through a library), if they just changed the algorithm to be the sigv4 signing algorithm, they could legitimately still observe activity on the user.

Yes, this was fairly unsettling! Having inherited this system I was pretty sure that I had updated our SMTP credentials in all the requisite locations. Then I got this e-mail warning me that in the past week the service is still being accessed with SIGv2 credentials. I spent hours combing through, self-auditing the entire system and writing up a support request. I should have googled first!

(File this under "Don't believe everything you read on the internet. Even if it comes from Amazon.")

Same issue here. I wish the email was more careful about when the V2 creds were used.