I have written a system that uses AWS SES to send an email (code below). This works fine on the website, but I am also surprised that it seems to work from my local computer. What I am wondering is if I have accidentally given my AWS account a global ability to send emails, or is my local PC somehow logged into AWS so that it can still send the email? If this is the case, how do I log out to make sure that it is secure, or how do I make sure that it is only the website that can send emails?

Thanks

Mark

import boto3

# Form is valid, get the data from the form
sender_email = form.cleaned_data['form_email']

# Generate the new email message
strNewSubject = "CONTACT FROM sendemail DJANGO APP"
strNewMessage = "Hello from a random user of sendemail Django App."

# Create a new SES resource and specify a region.   SES is in
# eu-west-1 NOT eu-west-2
client = boto3.client('ses', region_name="eu-west-1")

tmpDestination = {'ToAddresses':
                    ["blah@something.com", ], }
tmpMessage = {
        'Body': {
            'Text': {
                'Charset': "UTF-8",
                'Data': strNewMessage,
            },
        },
        'Subject': {
            'Charset': "UTF-8",
            'Data': strNewSubject,
        },
    }
# Provide the contents of the email.
response = client.send_email(
    Destination=tmpDestination,
    Message=tmpMessage,
    Source="srcaddress@gmail.com"
)

# Email sent with no errors
return True
MarkyMark1000
    If at some point you ran `aws configure` to configure awscli and added your access keys, then that's what's getting used here. You can delete your `~/.aws` directory if you want to remove all configured access keys from your system. – jordanm Feb 27 '21 at 00:06

1 Answer

These are just some extra points that may help people who have this concern in the future, and they expand on jordanm's answer, which was very helpful:

You can get a list of the currently available profiles using this:

aws configure list-profiles

You can list your current profile using this:

aws configure list

You can get the information on a specific profile using this:

aws configure list --profile profile_name

Assuming .aws has been set up in your user directory (~), you can see the config and credentials files using the following:

cat ~/.aws/config

cat ~/.aws/credentials

You can then specify which profile you are using by either using the --profile argument or AWS_PROFILE environment variable:

aws ec2 describe-volumes --profile dev
export AWS_PROFILE=dev

Source:
How to see what profile is default with CLI?.
https://www.thegeekstuff.com/2019/03/aws-configure-examples/

MarkyMark1000
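An added example, not part of the original question or answer: a small standard-library audit that reports where long-lived access keys are stored on a machine (environment variables first, then the shared `credentials` and `config` files), which are the places boto3 and the AWS CLI pick credentials up from. The function names, the temporary home directory and the key IDs in `demo()` are constructed for illustration.

```python
import configparser
import tempfile
from pathlib import Path


def mask(key_id):
    """Keep only the last four characters of an access key ID."""
    return "*" * max(len(key_id) - 4, 0) + key_id[-4:]


def find_local_credentials(environ, home):
    """Return (source, profile, masked_key_id) for each static key found."""
    found = []
    # Environment variables are consulted before the shared files.
    if environ.get("AWS_ACCESS_KEY_ID"):
        found.append(("environment", None, mask(environ["AWS_ACCESS_KEY_ID"])))
    # The shared files can be relocated with these two variables.
    paths = (
        ("credentials", environ.get("AWS_SHARED_CREDENTIALS_FILE")
         or Path(home, ".aws", "credentials")),
        ("config", environ.get("AWS_CONFIG_FILE") or Path(home, ".aws", "config")),
    )
    for label, path in paths:
        parser = configparser.RawConfigParser()
        parser.read(path)  # a missing file is skipped without error
        for section in parser.sections():
            key_id = parser.get(section, "aws_access_key_id", fallback=None)
            if key_id:
                # config uses "[profile dev]"; credentials uses "[dev]"
                name = section[8:] if section.startswith("profile ") else section
                found.append((label, name, mask(key_id)))
    return found


def demo():
    """Run the audit against a constructed home directory (fake keys)."""
    with tempfile.TemporaryDirectory() as home:
        aws_dir = Path(home, ".aws")
        aws_dir.mkdir()
        (aws_dir / "credentials").write_text(
            "[default]\naws_access_key_id = AKIAEXAMPLEEXAMPLE01\n"
            "aws_secret_access_key = constructed-not-a-real-secret\n"
            "[dev]\naws_access_key_id = AKIAEXAMPLEEXAMPLE02\n"
            "aws_secret_access_key = constructed-not-a-real-secret\n")
        (aws_dir / "config").write_text("[profile dev]\nregion = eu-west-1\n")
        environ = {"AWS_ACCESS_KEY_ID": "AKIAEXAMPLEEXAMPLE03"}  # constructed
        return find_local_credentials(environ, home)


if __name__ == "__main__":
    for source, profile, key in demo():
        print(source, profile, key)
```

To audit a real workstation, call `find_local_credentials(os.environ, Path.home())`; an empty list means no static keys are stored in these locations.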