Failed to retrieve credentials from EC2 Instance Metadata Service

Question

I'm trying to send an email via the AWS SES API using the SDK.

I based my code off the official documentation here: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/examples-send-using-sdk.html

I'm getting as far as await client.SendEmailAsync(sendRequest); and receive the error message:

Failed to retrieve credentials from EC2 Instance Metadata Service.

// initialization
var client = new AmazonSimpleEmailServiceClient(RegionEndpoint.USWest2);
var response = new SendEmailResponse();

// build email
var sendRequest = new SendEmailRequest
{
    Source = ToAddress,
    Destination = new Destination
    {
        ToAddresses =
        new List<string> { ReceiverAddress }
    },
    Message = new Message
    {
        Subject = new Content(model.Subject),
        Body = new Body
        {
            Html = new Content
            {
                Charset = "UTF-8",
                Data = model.HtmlBody
            },
        }
    },
};

// send async call to api
try
{
    var response = await client.SendEmailAsync(sendRequest);
}
catch (Exception ex)
{

}

I've confirmed that my domain is verified via the AWS console and it's also showing as "Enabled for Sending".

Where am I going wrong?

Were you actually running this code in EC2? If so, did the instance have an IAM instance role? — Michael - sqlbot, Jun 13 '18 at 01:57
The EC2 instance metadata service is where code running on an EC2 instance can obtain the current version of the temporary credentials associated with the [IAM instance role](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html). It only works inside EC2. Running outside EC2, you need to configure credentials another way. — Michael - sqlbot, Jun 13 '18 at 09:17

TidyDev · Accepted Answer · 2020-02-07T09:49:39.127

I figured out an answer to my question.

The issue can be resolved by creating an IAM user group and user with access to the SES service.

Then I edited my code to pass the AccessKeyId and SecretAccessKey.

    var client = new AmazonSimpleEmailServiceClient(awsAccessKeyId, awsSecretAccessKey, RegionEndpoint.USWest2);
    var response = new SendEmailResponse();

This is working. However to be more secure it's recommended that a Shared Credentials File be used.

Hope this helps someone else.

EDIT: In V2 of the AWS SES SDK you need to change AmazonSimpleEmailServiceClient to AmazonSimpleEmailServiceV2Client.

    var client = new AmazonSimpleEmailServiceV2Client(awsAccessKeyId, awsSecretAccessKey, RegionEndpoint.USWest2);
    var response = new SendEmailResponse();

Hi, I am moving from Azure to AWS and having to go through this now. I have the shared credentials file in the right place, setup all the code etc but for local development when tryign to make a call to the AmazonSimpleSystemsManagementClient to get a param value I get an error ""Unable to get IAM security credentials from EC2 Instance Metadata Service" Any ideas please? — TResponse, Jul 04 '20 at 21:27

score 2 · Answer 2 · answered Feb 18 '21 at 16:14

In case if someone came here with no knowledge about configuring AWS from scratch. Just adding some details:

install AWS Toolkit (Extension for Visual Studio in my case: Extensions > Manage Extensions > "AWS Toolkit for Visual Studio 2017 and 2019") - https://docs.aws.amazon.com/toolkit-for-visual-studio/latest/user-guide/setup.html#install
In AWS Console create access key (and download as .csv file with secret key, for example) - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey
Open View > AWS Explorer and add New Account Profile. Here you can import credentials from .csv

After that I could access AWS services locally

Failed to retrieve credentials from EC2 Instance Metadata Service

2 Answers2

Linked