Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Contact form for sending mail from AWS SES using AWS API Gateway

0

I am trying to create a serverless contact form in S3 that calls AWS API Gateway that then interacts with SES to send an email to a "contact us" email recipient. I am following the tutorial at https://levelup.gitconnected.com/creating-a-serverless-contact-form-on-aws-ff339ad1fa60 and am stuck at the part where I've created the API and am trying to test it with a JSON payload. The problem is the API test behaves as expected and returns a successful http 200 BUT it seems SES is returning an error that looks like ->

{"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}

Here is the entire execution stack from the API test in the AWS API configuration area ->

Execution log for request a18a0aa1-fa42-4bc8-a3c0-c6754716398f
Fri Dec 02 20:19:12 UTC 2022 : Starting execution for request: a18a0aa1-fa42-4bc8-a3c0-c6754716398f
Fri Dec 02 20:19:12 UTC 2022 : HTTP Method: POST, Resource Path: /
Fri Dec 02 20:19:12 UTC 2022 : Method request path: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request query string: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request headers: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request body before transformations: {
  "name": "Test Name",
  "email": "test@test.com",
  "phone": "123-456-7890",
  "message": "This is a test message!"
}
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request URI: https://email.us-east-1.amazonaws.com/SendEmailToWhomeverILike
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request headers: {Authorization=************************************************************************************************************************************************************************************************************************************************************************098c83, X-Amz-Date=20221202T201912Z, x-amzn-apigateway-api-id=1j6iefoiqj, Accept=application/json, User-Agent=AmazonAPIGateway_1j6iefoiqj, X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJX//////////wEaCXVzLWVhc3QtMSJHMEUCIAVdXRcxBZlgf9mN9jqp6OxEtITF/KMl+MzbXyb89NZrAiEAzSxr6P0cIMDwGDkkXOYr1C2KINbRKN2X0zozBMh7fjIq7gIIrf//////////ARADGgwzMzc2MzIxMzUyNDQiDHpwxD6RfZw5uGjCHirCAse0l62z8auypaCu5K+bUgeCqsXqtE7bjBhct1ZG0WK5q5gw3DRKGLPmqPc9nFZ1pbeRUCw5LvuuI+6jQKs2CCJisZlgrGjSD/m1akgPkVsR1FtCNj6z7GEURaTg6r3aqz2KXyrHVft4cex+BoSOeMUMBBXWOKJirppkK8KGz4yNNPYFJ1BPLWQJcWOb6rPi/87pPoey0E3PiwLf1SXTVzkc/S/I/tpLzV7fARx4vheXC7c+SmAHyg/Zm318As5OBCqGBPXKpK0UT/7z4r9/vqDRzCsXXe0FCGJjOyMuM5y9k5bnsT5sRjpenX1DOkUopLoEsc2xTjunfEXKGmfn+M96I+Z3JbrnGMz [TRUNCATED]
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request body after transformations: Action=SendEmail&Message.Body.Text.Data=%0AName%3A+%22Test+Name%22%0AEmail%3A+%22test%40test.com%22%0APhone%3A+%22123-456-7890%22%0AMessage%3A+%22This+is+a+test+message%21%22&Message.Subject.Data=Contact+form+submission&Destination.ToAddresses.member.1=DudeDudely%40hotmail.com&Source=no_reply_contact_form_submission%40ThatBigTLD.com
Fri Dec 02 20:19:12 UTC 2022 : Sending request to https://email.us-east-1.amazonaws.com/SendEmailToWhomeverILike
Fri Dec 02 20:19:12 UTC 2022 : Received response. Status: 403, Integration latency: 21 ms
Fri Dec 02 20:19:12 UTC 2022 : Endpoint response headers: {Date=Fri, 02 Dec 2022 20:19:12 GMT, Content-Type=application/json, Content-Length=300, Connection=keep-alive, x-amzn-RequestId=1559f1b5-7000-4fe5-9d70-38b729adba46}
Fri Dec 02 20:19:12 UTC 2022 : Endpoint response body before transformations: {"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}
Fri Dec 02 20:19:12 UTC 2022 : Method response body after transformations: {"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}
Fri Dec 02 20:19:12 UTC 2022 : Method response headers: {X-Amzn-Trace-Id=Root=1-638a5dc0-85f935e6291eab49e7dbe023, Content-Type=application/json}
Fri Dec 02 20:19:12 UTC 2022 : Successfully completed execution
Fri Dec 02 20:19:12 UTC 2022 : Method completed with status: 200

I have also tested this in Postman and I get the same results. The JSON payload I used in the test looks like ->

{
  "name": "Test Name",
  "email": "test@test.com",
  "phone": "123-456-7890",
  "message": "This is a test message!"
}

I have an IAM role associated with this api that looks like

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Custom",
            "Effect": "Allow",
            "Action": [
                "ses:SendEmail"
            ],
            "Resource": "*"
        }
    ]
}

This IAM role's ARN is referenced in the Integration Request section as

Execution role arn:aws:iam::<ABigNumberImNotGoingToShowYou>:role/ApiGatewaySes

My main question is ....... do I also need to send some other type of authentication token? If so where would I configure that information?

Topics
ServerlessFront-End Web & MobileManagement & GovernanceBusiness ApplicationsNetworking & Content Delivery
Tags
Amazon API GatewayServerlessAWS Command Line InterfaceAmazon Simple Email Service
Language
English
asked 3 years ago675 views
No Answers

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content