How do I pass AWS_ACCESS_KEY_ID for Amazon SES on Elastic Beanstalk?

Question

I set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY as environment variables in my local computer and it works fine. When I deploy to Elastic Beanstalk, I set the "Environment properties", but they are passed as -D Java system properties, not set as environment variables, and it generates an error.

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-softwaresettings.html?icmpid=docs_elasticbeanstalk_console

while the Tomcat platform sets Java system properties that you retrieve with System.getProperty.

Error

2018-08-03 02:34:37.001 INFO 32073 --- [nio-8080-exec-9] c.s.xxxxx.apis.XxxxxxxApiController : The email was not sent. Error: User 'arn:aws:sts::849611986161:assumed-role/aws-elasticbeanstalk-ec2-role/i-0f447c52c84e1fd93' is not authorized to perform 'ses:SendEmail' on resource 'arn:aws:ses:us-east-1:849611986161:identity/[email protected]' (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: AccessDenied; Request ID: c3835dda-96c5-11e8-8a21-67774160691b)

Amazon SES is expecting environment variables only (or a 'shared credential file' in your home directory). So how do I pass AWS keys to Amazon SES in Elastic Beanstalk for a Java Spring Boot application using the environment?

Sameera Piyasundara Sameera Piyasundara · Accepted Answer · 2018-08-03T04:24:18

You can use SSM(Systems Manager Service) parameter store to keep your environment variables and access it through any service which has IAM permissions. In this scenario since you need Access Keys, it doesn't need any of the environment variables to be kept. You can just use your Instance Profile inside elastic beanstalk and it will provide you the access key and secret access key of your assigned IAM for the elastic beanstalk. Please refer this document.

How do I pass AWS_ACCESS_KEY_ID for Amazon SES on Elastic Beanstalk?

Error

2 Answers