How to authorize lambda to perform ses:SendEmail with CDK?

Question

I'm getting runtime exception:

AccessDenied: User arn:aws:sts::431535252:assumed-role/...some-lambda' is not authorized to perform 'ses:SendEmail' on resource `arn:aws:ses:us-east-1:52452465462:identity/contact@somedomain.com

Looking at the docs here, I wasn't able to figure out how to grant that permission.

score 32 · Accepted Answer · edited Jul 03 '21 at 22:04

32

Currently, need to manually add a policy to the execution role for the lambda:

theLambda.addToRolePolicy(new iam.PolicyStatement({
  actions: ['ses:SendEmail', 'SES:SendRawEmail'],
  resources: ['*'],
  effect: iam.Effect.ALLOW,
}));

edited Jul 03 '21 at 22:04

Tom Taylor

3,344
2
38
63

answered Nov 19 '20 at 13:34

Daniel Birowsky Popeski

8,752
12
60
125

How to authorize lambda to perform ses:SendEmail with CDK?

1 Answers1