AWS SES issues, SMTPAuthenticationError: 535 Authentication Credentials Invalid

Benjman · July 12, 2018, 11:36pm

I’m running GitLab 11.0.3-ee (f25aa33473d on an EC2 instance, trying to enable SMTP emails to be sent for new users. I hope to send through AWS SES, but I am getting the error:

Net::SMTPAuthenticationError: 535 Authentication Credentials Invalid

Here are my gitlab.rb SMTP settings:

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "email-smtp.us-east-1.amazonaws.com"
 gitlab_rails['smtp_port'] = 587
 gitlab_rails['smtp_user_name'] = "MY_IAM_PROVIDED_KEY"
 gitlab_rails['smtp_password'] = "MY_AIM_PROVIDED_SECRET"
 gitlab_rails['smtp_domain'] = "mydomain.com"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = true
 # gitlab_rails['smtp_tls'] = false

Anyone know why I might still be getting this issue? It seems like an IAM issue, but I’ve recreated another user key and secret, but still get this error. The IAM user has full permissions to AWS SES.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ses:*",
            "Resource": "*"
        }
    ]
}

Anyone have tips on how I might get this resolved?

Benjman · July 13, 2018, 12:55pm

Anyone else encountered this? I’ve verified that my IAM certificate is valid by sending a request through AWS’s REST API:

curl -X GET \
  'https://email.us-east-1.amazonaws.com/?Action=SendEmail&Source=ben%ben.com&Destination.ToAddresses.member.1=ben%40gmail.com&Message.Subject.Data=Hello%20test&Message.Body.Text.Data=Body%20of%20message' \
  -H 'authorization: AWS4-HMAC-SHA256 Credential=MY_IAM_PROVIDED_KEY/us-east-1/ses/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=SIGNATURE' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'host: email.us-east-1.amazonaws.com' \
  -H 'postman-token: 168bba42-4735-d78f-01f2-0be50af153b8' \
  -H 'x-amz-date: 20180713T125232Z'

Resposne:

<SendEmailResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
    <SendEmailResult>
        <MessageId>0100016493b332fd-d3673f03-4deb-4479-89d1-190f7920c295-000000</MessageId>
    </SendEmailResult>
    <ResponseMetadata>
        <RequestId>9b77c28e-869b-11e8-840b-05a6ad483d04</RequestId>
    </ResponseMetadata>
</SendEmailResponse>

CarlInglis · March 11, 2019, 9:17am

Added in case anyone else stumbles across this:

“Your SMTP user name and password are different from your AWS access key ID and secret access key.”

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html

sharkattackza · November 5, 2019, 2:03pm

Thanks @CarlInglis - although your post was late, it helped me get straight to the route of the problem I was also having. Proof that posting a late response can still help others, even if not the original requester.
Thanks again!