How to authorize lambda to perform ses:SendEmail with CDK?

Question

I'm getting runtime exception:

AccessDenied: User arn:aws:sts::431535252:assumed-role/...some-lambda' is not authorized to perform 'ses:SendEmail' on resource `arn:aws:ses:us-east-1:52452465462:identity/[email protected]

Looking at the docs here, I wasn't able to figure out how to grant that permission.

Daniel Birowsky Popeski Daniel Birowsky Popeski · Accepted Answer · 2020-11-19T13:34:36

Currently, need to manually add a policy to the execution role for the lambda:

theLambda.addToRolePolicy(new iam.PolicyStatement({
  actions: ['ses:SendEmail', 'SES:SendRawEmail'],
  resources: ['*'],
  effect: iam.Effect.ALLOW,
}));

How to authorize lambda to perform ses:SendEmail with CDK?

1 Answers