我是lambda的新手。我正在尝试使用AWS Lambda的AWS ESS发送邮件,而没有任何触发器。这是我的代码
import boto3
from botocore.exceptions import ClientError
ses = boto3.client('ses')
email_from = 'proteeti@cloudly.io'
email_to = 'proteeti13@gmail.com'
emaiL_subject = 'Subject'
email_body = 'Body'
def lambda_handler(event, context):
response = ses.send_email(
Source = email_from,
Destination={
'ToAddresses': [
email_to,
],
},
Message={
'Subject': {
'Data': emaiL_subject
},
'Body': {
'Text': {
'Data': email_body
}
}
}
)
我已经创建了具有简单微服务权限的自定义角色。该活动设置为“ hello world”。我保存并单击测试,它显示了此错误
{
"errorMessage": "An error occurred (AccessDenied) when calling the SendEmail operation: User `arn:aws:sts::990458801115:assumed-role/basic-lambda-role/sendmail' is not authorized to perform `ses:SendEmail' on resource `arn:aws:ses:us-east-1:990458801115:identity/proteeti@cloudly.io'",
"errorType": "ClientError",
"stackTrace": [
[
"/var/task/lambda_function.py",
28,
"lambda_handler",
"'Data': email_body"
],
[
"/var/runtime/botocore/client.py",
314,
"_api_call",
"return self._make_api_call(operation_name, kwargs)"
],
[
"/var/runtime/botocore/client.py",
612,
"_make_api_call",
"raise error_class(parsed_response, operation_name)"
]
]
}
我从here编写了代码,它可以在本地完美运行。
答案 0 :(得分:1)
您正在运行此代码的Lambda函数无权使用SES发送消息。您需要将操作0.184593 seconds (223.44 k allocations: 5.321 MiB)
添加到您的ses:SendEmail IAM角色中。
在本地运行代码时,您将使用自己的开发人员凭据与SES通信,该凭据可能具有更高的权限。
答案 1 :(得分:0)
您使用的角色似乎没有与SES服务相关的政策。
步骤1:创建自定义的策略-例如:SES-SendEmail-Policy并为其提供以下JSON:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:SendEmail", <--- This is the action that was missing
],
"Resource": "*"
}
]
}
第2步:将SES-SendEmail-Policy附加到basic-lambda-role角色。