Access Denied for SES::SendMail

doque · November 9, 2017, 11:06am

I’m trying to send an email from a function. Everything works fine locally (sls webpack invoke -f crawl) but after deployment, I find this error in the logs:

Error: AccessDenied: User `arn:aws:sts::812426996283:assumed-role/aws-nodejs-ecma-script-dev-eu-west-1-lambdaRole/aws-nodejs-ecma-script-dev-crawl' is not authorized to perform `ses:SendEmail' on resource `myResource'

serverless.yml

iamRoleStatements:
      - Effect: 'Allow'
        Action:
          - "ses:SendEmail"
        Resource:
          "myResource"

What am I missing here? The configuration seems to be correct. The specified profile is attached to AdministratorAccess policy.

alexdebrie1 · November 9, 2017, 1:30pm

Hey @doque, where is your iamRoleStatements in serverless.yml? It’s supposed to be a field under provider, rather than a top-level block.

E.g.:

provider:
  iamRoleStatements:
    - Effect: 'Allow'
      Action:
        - "ses:SendEmail"
      Resource:
        "myResource"

If that doesn’t help, can you share more of your serverless.yml?

doque · November 9, 2017, 3:08pm

Thank you! That was indeed it.

tommedema · November 12, 2017, 10:21am

Even better would be to define this on a function level, since probably not all of your functions need this role.

Topic		Replies	Views
Lambda function permissions not reflecting execution role Serverless Framework lambda	1	877	August 16, 2024
Serverless AWS credentials issue Node.js Serverless Framework aws	2	1729	March 5, 2018
SES Resource not added in created iAM role for Lambda functions, iamRoleStatements Serverless Framework	1	3652	September 8, 2018
Granting access for one function to use another Serverless Framework	3	2593	June 3, 2017
An error occurred (AccessDeniedException) when calling the UpdateFunctionCode operation Serverless Framework aws , lambda , cicd , iam	0	1202	May 17, 2022

Access Denied for SES::SendMail

Related topics