Contact form for sending mail from AWS SES using AWS API Gateway
I am trying to create a serverless contact form in S3 that calls AWS API Gateway that then interacts with SES to send an email to a "contact us" email recipient. I am following the tutorial at https://levelup.gitconnected.com/creating-a-serverless-contact-form-on-aws-ff339ad1fa60 and am stuck at the part where I've created the API and am trying to test it with a JSON payload. The problem is the API test behaves as expected and returns a successful http 200 BUT it seems SES is returning an error that looks like ->
{"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}
Here is the entire execution stack from the API test in the AWS API configuration area ->
Execution log for request a18a0aa1-fa42-4bc8-a3c0-c6754716398f
Fri Dec 02 20:19:12 UTC 2022 : Starting execution for request: a18a0aa1-fa42-4bc8-a3c0-c6754716398f
Fri Dec 02 20:19:12 UTC 2022 : HTTP Method: POST, Resource Path: /
Fri Dec 02 20:19:12 UTC 2022 : Method request path: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request query string: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request headers: {}
Fri Dec 02 20:19:12 UTC 2022 : Method request body before transformations: {
"name": "Test Name",
"email": "test@test.com",
"phone": "123-456-7890",
"message": "This is a test message!"
}
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request URI: https://email.us-east-1.amazonaws.com/SendEmailToWhomeverILike
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request headers: {Authorization=************************************************************************************************************************************************************************************************************************************************************************098c83, X-Amz-Date=20221202T201912Z, x-amzn-apigateway-api-id=1j6iefoiqj, Accept=application/json, User-Agent=AmazonAPIGateway_1j6iefoiqj, X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJX//////////wEaCXVzLWVhc3QtMSJHMEUCIAVdXRcxBZlgf9mN9jqp6OxEtITF/KMl+MzbXyb89NZrAiEAzSxr6P0cIMDwGDkkXOYr1C2KINbRKN2X0zozBMh7fjIq7gIIrf//////////ARADGgwzMzc2MzIxMzUyNDQiDHpwxD6RfZw5uGjCHirCAse0l62z8auypaCu5K+bUgeCqsXqtE7bjBhct1ZG0WK5q5gw3DRKGLPmqPc9nFZ1pbeRUCw5LvuuI+6jQKs2CCJisZlgrGjSD/m1akgPkVsR1FtCNj6z7GEURaTg6r3aqz2KXyrHVft4cex+BoSOeMUMBBXWOKJirppkK8KGz4yNNPYFJ1BPLWQJcWOb6rPi/87pPoey0E3PiwLf1SXTVzkc/S/I/tpLzV7fARx4vheXC7c+SmAHyg/Zm318As5OBCqGBPXKpK0UT/7z4r9/vqDRzCsXXe0FCGJjOyMuM5y9k5bnsT5sRjpenX1DOkUopLoEsc2xTjunfEXKGmfn+M96I+Z3JbrnGMz [TRUNCATED]
Fri Dec 02 20:19:12 UTC 2022 : Endpoint request body after transformations: Action=SendEmail&Message.Body.Text.Data=%0AName%3A+%22Test+Name%22%0AEmail%3A+%22test%40test.com%22%0APhone%3A+%22123-456-7890%22%0AMessage%3A+%22This+is+a+test+message%21%22&Message.Subject.Data=Contact+form+submission&Destination.ToAddresses.member.1=DudeDudely%40hotmail.com&Source=no_reply_contact_form_submission%40ThatBigTLD.com
Fri Dec 02 20:19:12 UTC 2022 : Sending request to https://email.us-east-1.amazonaws.com/SendEmailToWhomeverILike
Fri Dec 02 20:19:12 UTC 2022 : Received response. Status: 403, Integration latency: 21 ms
Fri Dec 02 20:19:12 UTC 2022 : Endpoint response headers: {Date=Fri, 02 Dec 2022 20:19:12 GMT, Content-Type=application/json, Content-Length=300, Connection=keep-alive, x-amzn-RequestId=1559f1b5-7000-4fe5-9d70-38b729adba46}
Fri Dec 02 20:19:12 UTC 2022 : Endpoint response body before transformations: {"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}
Fri Dec 02 20:19:12 UTC 2022 : Method response body after transformations: {"Error":{"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.","Type":"Sender"},"RequestId":"1559f1b5-7000-4fe5-9d70-38b729adba46"}
Fri Dec 02 20:19:12 UTC 2022 : Method response headers: {X-Amzn-Trace-Id=Root=1-638a5dc0-85f935e6291eab49e7dbe023, Content-Type=application/json}
Fri Dec 02 20:19:12 UTC 2022 : Successfully completed execution
Fri Dec 02 20:19:12 UTC 2022 : Method completed with status: 200
I have also tested this in Postman and I get the same results. The JSON payload I used in the test looks like ->
{
"name": "Test Name",
"email": "test@test.com",
"phone": "123-456-7890",
"message": "This is a test message!"
}
I have an IAM role associated with this api that looks like
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Custom",
"Effect": "Allow",
"Action": [
"ses:SendEmail"
],
"Resource": "*"
}
]
}
This IAM role's ARN is referenced in the Integration Request section as
Execution role arn:aws:iam::<ABigNumberImNotGoingToShowYou>:role/ApiGatewaySes
My main question is ....... do I also need to send some other type of authentication token? If so where would I configure that information?
- Newest
- Most votes
- Most comments
The problem is in the access key, try to paste it here or generate a new one.
Relevant content
- asked 3 years ago
- asked 5 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
That begs the question, where in the API gateway would I set the access key? I thought when you used the API Gateway to test the API it bypassed authentication and simply tested the API to verify the API's operation BEFORE one actually posts something to said API from their contact form OR from Postman. Is that not the case?