I am new to the world of AWS and I'm not someone who comes from a security background so the concepts surrounding AWS IAM and the SMTP settings have my head spinning.
I've installed the AWS PHP SDK by following all the steps, verified the domain (as well as successfully sending a few test emails from the AWS console) and also a few individual email addresses that I want to send the test emails to, but the part I don't get is the SMTP/IAM.
I've got Amazon's basic script that they provide, but I don't really understand what I need to do in creating the SMTP credentials and/or IAM and I've searched all over without being able to really find an answer or understand what the Amazon docs are saying.
The code I am using is below, but the part I am totally bewildered by is exactly how I should generate my access keys for this specific item (I only need to send emails, no handling of bounces, etc.) and what the best method of accessing these from the script is (i.e. I assume they should be stored outside of the actual script in a locked down directory?).
    <?php
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(E_ALL);
    use Aws\Ses\SesClient;
    require 'vendor/autoload.php';
    $client = SesClient::factory(array(
        'key' => 'SECRET_KEY',
        'secret' => 'SECRET_SECRET',
        'region' => 'eu-west-1',
        'version' => '2010-12-01'
    ));
    $emailSentId = $client->sendEmail(array(
        // Source is required
        'Source' => '[email protected]',
        // Destination is required
        'Destination' => array(
            'ToAddresses' => array('[email protected]')
        ),
        // Message is required
        'Message' => array(
            // Subject is required
            'Subject' => array(
                // Data is required
                'Data' => 'SES Testing',
                'Charset' => 'UTF-8',
            ),
            // Body is required
            'Body' => array(
                'Text' => array(
                    // Data is required
                    'Data' => 'My plain text email',
                    'Charset' => 'UTF-8',
                ),
                'Html' => array(
                    // Data is required
                    'Data' => '<b>My HTML Email</b>',
                    'Charset' => 'UTF-8',
                ),
            ),
        ),
        'ReplyToAddresses' => array( '[email protected]' ),
        'ReturnPath' => '[email protected]'
    ));
    ?>
I tried going into the SES console and generating SMTP keys there and plugging them straight into the script (just to test if it would work, I've removed them from the script and deleted those keys for security purposes), but I didn't really understand if I should be using them or if I then need to create an additional IAM user or if I should be generating these dynamic combinations that have been referred to (happy to take expert advice on this for the best method) ... in any case, that threw me the following error:
    Fatal error: Uncaught exception 'Aws\Exception\CredentialsException' with message 'Error retrieving credentials from the instance profile metadata server. (Client error: `GET http://169.254.169.254/latest/meta-data/iam/security-credentials/` resulted in a `404 Not Found` response: Aws\Credentials{closure}(Array) #1 /var/www/html/vendor/guzzlehttp/promises/src/Promise.php(152): GuzzleHttp\Promise\Promise::callHandler(2, Array, Array) #2 /var/www/html/vendor/guzzlehttp/promises/src/TaskQueue.php(60): GuzzleHttp\Promise\Promise::GuzzleHttp\Promise{closure}() #3 /var/www/html/vendor/guzzlehttp/guzzle/src/Handler/CurlMultiHandler.php(96): GuzzleHttp\Promise\TaskQueue->run() #4 /var/www in /var/www/html/vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php on line 79
Anyway, hopefully someone understands what I am rambling about - happy to provide any additional details, but I don't think I'm adding much value to the issue from here on as I'm sure comes through from this question, I don't really understand the security side of it.
It will truly be a Christmas miracle if I can get this working, understand the basic concepts and still have some hair left by the time the last mince pie goes down my throat.
Thanks in advance!!
G-Man
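
An added example, not part of the original post or of Amazon's sample script: the same send call with the keys kept in a file outside the script and passed the way version 3 of the AWS SDK for PHP (the version the stack trace indicates) expects them. The file path, the `ses-sender` profile name and the example.com addresses are assumptions, as is an IAM user whose policy allows only `ses:SendEmail`; its IAM access key is used here, not the SES SMTP credentials.

```php
<?php
// Added example (not the poster's code). Assumes AWS SDK for PHP v3 and a
// hypothetical credentials file path and profile name.
require 'vendor/autoload.php';

use Aws\Credentials\CredentialProvider;
use Aws\Exception\AwsException;
use Aws\Ses\SesClient;

// Hypothetical location outside the web root, readable only by the PHP user
// (chmod 600). Standard AWS shared-credentials INI format:
//   [ses-sender]
//   aws_access_key_id = <IAM access key id>
//   aws_secret_access_key = <IAM secret access key>
$credentialsFile = '/etc/myapp/aws-credentials.ini';

// Fail early and clearly instead of falling through to the instance
// metadata lookup at 169.254.169.254 seen in the error above.
if (!is_readable($credentialsFile)) {
    throw new RuntimeException("Cannot read $credentialsFile");
}
$provider = CredentialProvider::memoize(
    CredentialProvider::ini('ses-sender', $credentialsFile)
);

// In v3 the keys go under 'credentials'. Top-level 'key'/'secret' options
// are not recognised, so the SDK falls back to its default provider chain.
$client = new SesClient([
    'region'      => 'eu-west-1',
    'version'     => '2010-12-01',
    'credentials' => $provider,
]);

try {
    $result = $client->sendEmail([
        'Source'      => 'sender@example.com',                       // constructed
        'Destination' => ['ToAddresses' => ['recipient@example.com']], // constructed
        'Message'     => [
            'Subject' => ['Data' => 'SES Testing', 'Charset' => 'UTF-8'],
            'Body'    => ['Text' => ['Data' => 'My plain text email', 'Charset' => 'UTF-8']],
        ],
    ]);
    echo 'Sent, MessageId: ' . $result['MessageId'] . PHP_EOL;
} catch (AwsException $e) {
    // Log the AWS error code; do not echo credentials or full traces to users.
    error_log('SES send failed: ' . $e->getAwsErrorCode());
}
```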