By using AWS re:Post, you agree to the Terms of Use
/SES Authorization Policy not working/

SES Authorization Policy not working

0

Hello, within SES sending mails is possible and working, but i would like to restrict the FROM address which is not working. Even with a limiting(aws@example.com) sending authorization policy I can send with any FROM address. Here is my Sending authorization policies:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "XXX",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::XXX:user/ses-smtp-userXXX"
      },
      "Action": "ses:SendRawEmail",
      "Resource": "arn:XXX:identity/XXX",
      "Condition": {
        "StringLike": {
          "ses:FromAddress": "aws@example.com"
        }
      }
    }
  ]
}

IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ses:SendRawEmail",
            "Resource": "*"
        }
    ]
}

Do i have to set the condition also for the IAM policy? What is the better/right way for which use-case: IAM or sending authorization policy

1 Answers
0
Accepted Answer

Hi.

The default policy is allowed.
You can allow only specific addresses by denying other than specific From addresses as shown below.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "XXX",
      "Effect": "Deny",
      "Principal": {
        "AWS": "arn:aws:iam::XXX:user/ses-smtp-userXXX"
      },
      "Action": "ses:SendRawEmail",
      "Resource": "arn:XXX:identity/XXX",
      "Condition": {
        "StringNotLike": {
          "ses:FromAddress": "aws@example.com"
        }
      }
    }
  ]
}
EXPERT
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions