Python3 boto3 email-sending error in EC2 (ubuntu)

Question

I want to send email from my EC2 Ubuntu instance.
I have set up in SES: email and domain name verification.
I got Python test code from [https://docs.aws.amazon.com/ses/latest/dg/send-email-raw.html].
However, I run into this error: *botocore.exceptions.NoCredentialsError: Unable to locate credentials*.

Can anyone tell me what kind of credential I need to do it?

Behrens, Isaac · Accepted Answer

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html

Here is a link to the IAM User documentation.  Basically, you need to setup a user that has the correct permissions to send via SES.  If you are unclear about IAM users, you are probably logging into the console with the root user (account owner) that has full access.  This is not recommended.  For your use case, you should create an IAM user (perhaps name ses_sender) with permissions only to send via SES or a few other items to complete your use case.  Then create an API key for that user and configure that API key on your instance or local machine for authentication.

Since you are doing this on an EC2 instance you can create an IAM role (rather than a user) and then an [Instance Profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) referencing the role.  Then by assigning the Instance Profile to the instance, it will get and renew API keys for the role.

Hope this helps!

Didier Durand · Answer

Hi,

Did you set the boto3 credentials with a IAM user having credentials to access SES ?

My preferred way of doing is to use the 2 standard env vars expected by boto3: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

I user `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`  (+ `AWS_SESSION_TOKEN`  when needed) as it keeps credentials management totally external to my code.

Best,

Didier

Python3 boto3 email-sending error in EC2 (ubuntu)

Add your answer

Relevant content