Aws-sdk-js: SES Signature does not match

Created on 3 Apr 2017 · 7 Comments · Source: aws/aws-sdk-js

Hello,

I had this working fine just about a month ago, we decided not to use SES at the time but have just decided to come back to it and now I can't seem to get it to work!

Here is my basic config. I put all this here instead of importing from a config file just to ensure I was getting the right values.

const aws = require('aws-sdk');

const ses = new aws.SES({
  apiVersion: '2010-12-01',
  accessKeyId: process.env.AWS_SES_KEY,
  secretAccessKey: process.env.AWS_SES_PASS,
  sslEnabled: true,
  region: 'us-east-1'
});

And here is the error I'm getting when trying to send an email:

SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/

host:email.us-east-1.amazonaws.com
x-amz-content-sha256:5f055579048ecf0b566b9617581dac28e8527f4821c5f16185a611d980bd99fc
x-amz-date:20170403T161539Z

host;x-amz-content-sha256;x-amz-date
5f055579048ecf0b566b9617581dac28e8527f4821c5f16185a611d980bd99fc'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20170403T161539Z
20170403/us-east-1/ses/aws4_request
450d3bc2b76356add2d9fe9fda56e3034b68372c9da47b5329f45e38c7a58d99'

code: 'SignatureDoesNotMatch',
  time: 2017-04-03T16:15:40.544Z,
  requestId: 'c7cc1983-1888-11e7-8708-1dabce669cb0',
  statusCode: 403,
  retryable: false,
  retryDelay: 9.126346528227769

Like I said this was working like a charm about a month ago. I came back to code that I had not touched since and suddenly am getting the Signature error. Did something change and I'm missing something that is required?

guidance

All 7 comments

@kevincollins7
Can you share what version of the SDK you're using, and how you're populating your env credentials? What operation are you calling when you see this error?

Are these by chance temporary credentials?

Sure! From my package.json:

"aws-sdk": "^2.36.0",

I also tried 2.20.0 which is what I had originally. When it wasn't working I figured I'd update.

I actually have tried just hardcoding my creds in as opposed to using the env variables and got the same result. I've tested both on Ubuntu and Windows. I've verified the variables were populated and could even console.log(ses) just to see what was there.

I get the error when calling ses.SendEmail - which was working before.

The temporary credentials thing is a new one! I'm not entirely sure how to check? I've tried both with the credentials I had before and with brand new ones created on the SES console clicking the "Create SMTP Credentials" button.

You shouldn't be using SMTP credentials when calling SES through an SDK, you should be using the credentials associated with an IAM account: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-credentials.html?icmpid=docs_ses_console

Just to be sure, can you confirm you're using the correct region as well?

It might also be helpful if you can share what params you passed to sendEmail. Don't need specific values, just want to make sure I can make a request when filling out the same params.
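
Why SMTP credentials lead to this error, as an added example that is not part of the original thread or the SDK's own code: Signature Version 4 derives its signing key from the IAM secret access key, while an SES SMTP password is a different value computed from that secret, so a request signed with it cannot match what the service calculates. The secret below is constructed, `smtpPasswordV2` follows the version 2 derivation AWS documented for SES SMTP passwords (assumed to be the one in play here), and `looksLikeSmtpPassword` is a hypothetical pre-flight heuristic.

```javascript
const crypto = require('crypto');

const hmac = (key, data) => crypto.createHmac('sha256', key).update(data, 'utf8').digest();

// SigV4 signing key: HMAC chain over date, region, service and "aws4_request".
function signingKey(secret, date, region, service) {
  const kDate = hmac('AWS4' + secret, date);
  const kRegion = hmac(kDate, region);
  const kService = hmac(kRegion, service);
  return hmac(kService, 'aws4_request');
}

// Sign a string-to-sign; the credential scope is read from its third line.
function signatureFor(secret, stringToSign) {
  const [date, region, service] = stringToSign.split('\n')[2].split('/');
  return hmac(signingKey(secret, date, region, service), stringToSign).toString('hex');
}

// Version 2 SMTP password (assumed): base64(0x02 || HMAC-SHA256(secret, "SendRawEmail")).
function smtpPasswordV2(secret) {
  return Buffer.concat([Buffer.from([0x02]), hmac(secret, 'SendRawEmail')]).toString('base64');
}

// Heuristic: SMTP passwords decode to a version byte plus a 32-byte MAC (44 base64
// characters); IAM secret access keys are 40 characters.
function looksLikeSmtpPassword(value) {
  if (value.length !== 44) return false;
  const raw = Buffer.from(value, 'base64');
  return raw.length === 33 && (raw[0] === 0x02 || raw[0] === 0x04);
}

// String-to-sign copied from the error message in the issue.
const STRING_TO_SIGN = [
  'AWS4-HMAC-SHA256',
  '20170403T161539Z',
  '20170403/us-east-1/ses/aws4_request',
  '450d3bc2b76356add2d9fe9fda56e3034b68372c9da47b5329f45e38c7a58d99',
].join('\n');

// Constructed 40-character secret, not a real credential.
const IAM_SECRET = 'EXAMPLEsecretKEYexample0123456789abcdEFG';
const SMTP_PASSWORD = smtpPasswordV2(IAM_SECRET);

const serverSide = signatureFor(IAM_SECRET, STRING_TO_SIGN);    // what the service computes
const clientSide = signatureFor(SMTP_PASSWORD, STRING_TO_SIGN); // SDK given the SMTP password

console.log('signatures match:', serverSide === clientSide);
console.log('flagged as SMTP password:', looksLikeSmtpPassword(SMTP_PASSWORD));
```

Running `looksLikeSmtpPassword` on the configured secret before constructing the SES client catches this mix-up without sending a request.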

@chrisradek I went ahead and created a key/pass for my user and tried it out and it worked! So strange I thought that I was using the SMTP creds before though. So I guess the right path to take is to create a new user as sort of a service account in our AWS and then use that user to send the emails.

Not sure why I didn't think of that before. Thank you!

@kevincollins7
Excellent, glad you were able to figure out the issue!

Great Help.

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs and link to relevant comments in this thread.
