• Hi Mailster team,

    We would like to use this plugin to send emails in Mailster via AWS SES.

    After installation, we are asked to create a full permission access key at https://console.aws.amazon.com/iam/home?#security_credential. If multiple SES resources are used, this is a high security risk.

    Which permission of an IAM policy exactly does the plugin need to create an AWS user that only has the required permissions?

    Best regards,

    Jan

  • Plugin Author EverPress

    (@everpress)

    Hi again!

    There are only two types of permissions for AmazonSES

    • AmazonSESFullAccess
    • AmazonSESReadOnlyAccess

    Mailster requires the first one to send mails.

    Hope that helps!

    https://docs.aws.amazon.com/ses/latest/dg/security-iam-awsmanpol.html

    EDIT:

    As pointed out here you should use “AmazonSESFullAccess”

    Thread Starter devowl.io GmbH

    (@devowl)

    Thanks for your reply. I have to disagree, there are just the permissions AmazonSESFullAccess and AmazonSESReadOnlyAccess. These are predefined permissions policies (a group of permissions).

    Below I have compiled a list of the permissions that currently exist for SES. Can you tell me which ones the plugin requests?

    ses:ListConfigurationSets
    ses:ListCustomVerificationEmailTemplates
    ses:ListIdentities
    ses:ListIdentityPolicies
    ses:ListTemplates
    ses:DescribeActiveReceiptRuleSet
    ses:DescribeConfigurationSet
    ses:DescribeReceiptRule
    ses:DescribeReceiptRuleSet
    ses:GetAccountSendingEnabled
    ses:GetCustomVerificationEmailTemplate
    ses:GetIdentityDkimAttributes
    ses:GetIdentityMailFromDomainAttributes
    ses:GetIdentityNotificationAttributes
    ses:GetIdentityPolicies
    ses:GetIdentityVerificationAttributes
    ses:GetSendQuota
    ses:GetSendStatistics
    ses:GetTemplate
    ses:ListReceiptFilters
    ses:ListReceiptRuleSets
    ses:ListVerifiedEmailAddresses
    ses:CloneReceiptRuleSet
    ses:CreateConfigurationSet
    ses:CreateConfigurationSetEventDestination
    ses:CreateConfigurationSetTrackingOptions
    ses:CreateCustomVerificationEmailTemplate
    ses:CreateReceiptFilter
    ses:CreateReceiptRule
    ses:CreateReceiptRuleSet
    ses:CreateTemplate
    ses:DeleteConfigurationSet
    ses:DeleteConfigurationSetEventDestination
    ses:DeleteConfigurationSetTrackingOptions
    ses:DeleteCustomVerificationEmailTemplate
    ses:DeleteIdentity
    ses:DeleteReceiptFilter
    ses:DeleteReceiptRule
    ses:DeleteReceiptRuleSet
    ses:DeleteTemplate
    ses:DeleteVerifiedEmailAddress
    ses:PutConfigurationSetDeliveryOptions
    ses:ReorderReceiptRuleSet
    ses:SendBounce
    ses:SendBulkTemplatedEmail
    ses:SendCustomVerificationEmail
    ses:SendEmail
    ses:SendRawEmail
    ses:SendTemplatedEmail
    ses:SetActiveReceiptRuleSet
    ses:SetIdentityDkimEnabled
    ses:SetIdentityFeedbackForwardingEnabled
    ses:SetIdentityHeadersInNotificationsEnabled
    ses:SetIdentityMailFromDomain
    ses:SetIdentityNotificationTopic
    ses:SetReceiptRulePosition
    ses:TestRenderTemplate
    ses:UpdateAccountSendingEnabled
    ses:UpdateConfigurationSetEventDestination
    ses:UpdateConfigurationSetReputationMetricsEnabled
    ses:UpdateConfigurationSetSendingEnabled
    ses:UpdateConfigurationSetTrackingOptions
    ses:UpdateCustomVerificationEmailTemplate
    ses:UpdateReceiptRule
    ses:UpdateTemplate
    ses:VerifyDomainDkim
    ses:VerifyDomainIdentity
    ses:VerifyEmailAddress
    ses:VerifyEmailIdentity
    ses:DeleteIdentityPolicy
    ses:PutIdentityPolicy
    Plugin Author EverPress

    (@everpress)

    Got it, thanks!

    Here’s the statement we use on our own:

    {
    	"Version": "2012-10-17",
    	"Statement": [
    		{
    			"Sid": "MailsterAmazonSES",
    			"Effect": "Allow",
    			"Action": [
    				"ses:SendRawEmail",
    				"ses:GetAccount",
    				"ses:CreateEmailIdentity",
    				"ses:ListEmailIdentities"
    			],
    			"Resource": "*"
    		}
    	]
    }

    Keep in mind you may have to update these when we introduce new features.

    Hope that helps!
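To see what the four-action statement above removes compared with full access, here is an added example (not part of the thread and not Mailster's code) that evaluates a policy's `Action` patterns against a list of SES actions and flags wildcard grants. It assumes the AmazonSESFullAccess managed policy reduces to `ses:*` on all resources, ignores `Resource`, `Condition` and `NotAction`, and the function names and sample action list are constructed for illustration.

```python
import fnmatch

# Policy posted in the thread (copied from the page).
MAILSTER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "MailsterAmazonSES",
        "Effect": "Allow",
        "Action": ["ses:SendRawEmail", "ses:GetAccount",
                   "ses:CreateEmailIdentity", "ses:ListEmailIdentities"],
        "Resource": "*",
    }],
}
# Assumption: AmazonSESFullAccess is equivalent to ses:* on every resource.
FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ses:*"], "Resource": "*"}],
}
# Constructed sample: actions taken from the list and the policy in the thread.
SAMPLE_ACTIONS = [
    "ses:SendRawEmail", "ses:GetAccount", "ses:DeleteIdentity",
    "ses:PutIdentityPolicy", "ses:UpdateAccountSendingEnabled", "ses:SendBounce",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def granted(policy, actions):
    """Return the actions the policy allows; an explicit Deny always wins."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:  # NotAction is out of scope here
            continue
        hits = {a for a in actions if _matches(_as_list(stmt["Action"]), a)}
        (allowed if stmt["Effect"] == "Allow" else denied).update(hits)
    return sorted(allowed - denied)

def wildcard_findings(policy):
    """Return (Sid, pattern) for every Allow entry that uses a wildcard."""
    return [(stmt.get("Sid", "<no Sid>"), pattern)
            for stmt in _as_list(policy["Statement"]) if stmt["Effect"] == "Allow"
            for pattern in _as_list(stmt.get("Action", []))
            if "*" in pattern or "?" in pattern]

if __name__ == "__main__":
    for name, pol in (("full access", FULL_ACCESS), ("thread policy", MAILSTER_POLICY)):
        print(name, granted(pol, SAMPLE_ACTIONS), wildcard_findings(pol))
```

With the thread's policy, a leaked key can still send mail and create identities, but it can no longer delete identities, rewrite identity policies or toggle account-wide sending.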

    Thread Starter devowl.io GmbH

    (@devowl)

    Works like a charm. Thanks for your help!

    This information would also be a good enhancement for your knowledge base article to configure this integration for production environments.

  • The topic ‘Use permissions policies instead of AWS full permission access key’ is closed to new replies.