acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

AWS SES notify module does not work with instance roles #4741

Open kaaelhaa opened 1 year ago

kaaelhaa commented 1 year ago

I just started using the AWS SES notifier module and whilst it does work fine if the environment variables AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY are set, the module fails if the variables do not exist.

Instead it tries to look up credentials using the container or instance role EC2 metadata API. However, the functions to perform the credential lookups are missing from the hook script.

If I manually add in the functions (copied from the AWS DNS implementation), it works:

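```sh
# Relies on acme.sh helpers (_debug, _get, _head_n) and on _use_metadata.
_use_container_role() {
  # automatically set if running inside ECS
  if [ -z "$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ]; then
    _debug "No ECS environment variable detected"
    return 1
  fi
  # 169.254.170.2 is the link-local ECS task credentials endpoint
  _use_metadata "169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"
}

_use_instance_role() {
  # EC2 instance metadata path that lists the attached IAM role name
  _url="http://169.254.169.254/latest/meta-data/iam/security-credentials/"
  _debug "_url" "$_url"
  # Probe the response headers first and continue only on HTTP 200
  if ! _get "$_url" true 1 | _head_n 1 | grep -Fq 200; then
    _debug "Unable to fetch IAM role from instance metadata"
    return 1
  fi
  # The response body is the role name; append it to get the credentials URL
  _aws_role=$(_get "$_url" "" 1)
  _debug "_aws_role" "$_aws_role"
  _use_metadata "$_url$_aws_role"
}
```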
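
Added example, not part of the original post and not acme.sh code: handling the JSON credential document that the container and instance metadata endpoints return, which the posted functions hand to `_use_metadata`. The names `json_field` and `load_role_creds`, the `ROLE_*` variables and the sample document are constructed for illustration.

```shell
# Added example: function and variable names here are hypothetical.
# Constructed sample of a metadata credential document (values are not real).
SAMPLE_CREDS='{
  "Code" : "Success",
  "AccessKeyId" : "ASIAEXAMPLEKEYID0000",
  "SecretAccessKey" : "constructed-secret-not-real",
  "Token" : "constructed-session-token",
  "Expiration" : "2030-01-01T00:00:00Z"
}'

# Print the value of one string field from a flat JSON document on stdin.
json_field() {
  tr -d '\n' | sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Load role credentials from document $1, judged against UTC time $2.
# Returns 1 if a field is missing, 2 if the credentials have expired.
load_role_creds() {
  _doc="$1"
  _now="$2" # e.g. $(date -u +%Y-%m-%dT%H:%M:%SZ)
  ROLE_KEY_ID=$(printf '%s' "$_doc" | json_field AccessKeyId)
  ROLE_SECRET=$(printf '%s' "$_doc" | json_field SecretAccessKey)
  ROLE_TOKEN=$(printf '%s' "$_doc" | json_field Token)
  _exp=$(printf '%s' "$_doc" | json_field Expiration)
  # Role credentials are temporary: without the session token, requests
  # signed with the key pair alone are rejected.
  if [ -z "$ROLE_KEY_ID" ] || [ -z "$ROLE_SECRET" ] || [ -z "$ROLE_TOKEN" ]; then
    echo "incomplete credential document" >&2
    return 1
  fi
  # Same-format ISO 8601 UTC timestamps order correctly as plain strings.
  if ! LC_ALL=C expr "x$_exp" \> "x$_now" >/dev/null; then
    echo "credentials missing or past Expiration: $_exp" >&2
    return 2
  fi
  return 0
}

# Demo on the constructed sample; never log the secret or the token.
if load_role_creds "$SAMPLE_CREDS" "2029-12-31T23:59:59Z"; then
  echo "loaded temporary credentials for key id $ROLE_KEY_ID"
fi
```
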
github-actions[bot] commented 1 year ago

Please upgrade to the latest code and try again first. Maybe it's already fixed.

`acme.sh --upgrade`

If it's still not working, please provide the log with `--debug 2`, otherwise, nobody can help you.