By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Still getting SIGv2 Utilization warning after updating my credentials

0

Hi,

I updated my credentials on the 13th Jan 2021 but have again received the email warning:

Important notification regarding Simple Email Service (SIGv2 Utilization)   

**We have observed Signature Version 2 requests (on an Amazon SES SMTP endpoint) originating from your account over the last week.**

I created the new credentials as instructed and I only use SMTP to send my emails.

Is it possible to find out the IP address of where the "Signature Version 2 requests" observed in the last week are originating?

In IAM I can see the old v2 user account - but last activity on this users shows as 33 days ago.

Many thanks

Steve

Topics
Front-End Web & MobileBusiness Applications
Tags
Amazon Simple Email Service
Language
English
sacu
asked 3 years ago182 views
6 Answers
0
Accepted Answer

Hi,

Those are uses spotted since the beginning of the year, so the notification you received should normally begin with

"If you have already migrated your credentials from Signature Version 2 to Signature Version 4, you can ignore this communication."

EDIT: actually, I doubled checked and you're absolutely right. The communication reminder still contains "over the last week", which is wrong. Those were observed since the beginning of the year. I will make sure this gets corrected, please accept our apologies for the confusion.

AWS-User-9331904
answered 3 years ago
0

Same problem, just received this email: "We have observed Signature Version 2 requests (on an Amazon SES SMTP endpoint) originating from your account over the last week."

IAM doesn't show any activity for the old user since I regenerated the SMTP credentials 33 days ago.

npomerleau
answered 3 years ago
0

Thanks.

This line in the email is somewhat misleading:

We have observed Signature Version 2 requests (on an Amazon SES SMTP endpoint) originating from your account over the last week

Got me thinking...could I have a server somewhere using the old credentials? I didn't think so.

So, if in IAM, I can see no activity on the old accounts then I am fine.

Steve

sacu
answered 3 years ago
0

That's the correct way to verify it if you are getting your SMTP credentials from the SES console, absolutely.

There is another, rarer case: for the few customers that are self-signing an existing IAM user by using the sigv2 algorithm (either in their code, or through a library), if they just changed the algorithm to be the sigv4 signing algorithm, they could legitimately still observe activity on the user.

AWS-User-9331904
answered 3 years ago
0

Yes, this was fairly unsettling! Having inherited this system I was pretty sure that I had updated our SMTP credentials in all the requisite locations. Then I got this e-mail warning me that in the past week the service is still being accessed with SIGv2 credentials. I spent hours combing through, self-auditing the entire system and writing up a support request. I should have googled first!

(File this under "Don't believe everything you read on the internet. Even if it comes from Amazon.")

Yossi15
answered 3 years ago
0

Same issue here. I wish the email was more careful about when the V2 creds were used.

whitewizardllc
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content