I'm trying to run the following PHP code on my server:
require 'aws_sdk_php/aws-autoloader.php';
use Aws\Ses\SesClient;
echo 'teste1';
$client = SesClient::factory(array(
'key' => 'xxxxx',
'secret' => 'yyyyy',
'region' => 'us-east-1'
));
echo 'teste2';
echo $client->listIdentities();
echo 'teste3';
echo $client->verifyEmailIdentity(array(
'EmailAddress' => '[email protected]'
));
I created a user with permission to send emails using SMTP (ses:SendRawEmail) and it works just fine. However the "listIdentities" and "verifyEmailIdentity" calls only works when I grant SES Full Access permission or use full credentials for the account.
If I add only "ses:ListIdentities" and "ses:VerifyEmailIdentity" to the same user, I get a 403 error saying the signature not match. Anybody have any idea what's going on? Do I have to add other permissions/policies to grant access to this calls?
I also ran this permissions on the IAM Policy Simulator and they passed when they were set, but I received a "denied" after I removed them.
Thanks!
Update: According to this SES AWS Error Code: SignatureDoesNotMatch, Status Code: 403 MAYBE the fix is I should adjust the time on my EC2 server, but how can I found out what time is it on SES servers since I don't have access to them?
Update2: Doesn't seem like a case of diferent time, as I ran the code on a server on North Virginia and got the same results. Permissions passed on the simulator. Any suggestions?