Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Why would this policy not work?

0

I have added a policy in which I've allowed a service acct identity to use VerifyDomainDkim. The gist of the permission= "Effect": "Allow", "Action": "ses:VerifyDomainDkim", "Resource": "arn:aws:ses::[acct-number]:identity/" I am using the same policy to VerifyEmailIdentity and to SendEmails. Those are working but VerifyDomainDkim is not. Using the .Net SDK, I get (One or more errors occurred. (User: arn:aws:iam::[acct-number]:user/[serviceacct] is not authorized to perform: ses:VerifyDomainDkim because no identity-based policy allows the ses:VerifyDomainDkim action))

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email Service
Language
English
asked 4 years ago421 views
1 Answer
0

Based on https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonses.html#amazonses-identity it looks like the syntax for identity resource is arn:${Partition}:ses:${Region}:${Account}:identity/${IdentityName} and I noticed yours is "arn:aws:ses::acct-number:identity/"

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content