Closed yadachi closed 4 years ago
Hi @yadachi ,
how are you using aws-smtp-relay
? Are you using the blueimp/aws-smtp-relay
docker image or your own build?
And I assume you've followed the AWS guides here?
(Potentially @redradrat can also provide some helpful guidance)
@blueimp sorry, this was my mistake, we actually using own image. I will double check if this is still happening. sorry for confusion.
We already rolled this feature out a ton now :) so if you need help, just shoot.
Hi I am using this on EKS cluster with service account. since last merge aws-sdk should support OIDC with service account. but it seems that the pod is still getting instance iam role.
SMTPDataError: (554, "User
arn:aws:sts::xxxxxxxxxxx:assumed-role/eks-node/i-0dabef8d257d9d78d' is not authorized to performses:SendRawEmail' on resource
arn:aws:ses:eu-west-1:xxxxxxxxxxx:identity/example.com' (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: AccessDenied; Request ID: xxxxxxxxx-eda9-4221-96bb-xxxxxxxx)") ` instead of specified IAM role for SES, the pod still getting credential from worker node IAM role.