0

I'm making Node.js API requests using the AWS-SDK, running from my EC2. But they keep returning error 403:

{"message":"Missing Authentication Token"}

I'm trying to access Amazon SES endpoints. I have a user set in IAM with one policy added. Its policy name is AmazonSESFullAccess. This user's key and secret are stored in ~/.aws/credentials.

This should be enough to authenticate and authorise my request: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-shared.html

I also added them to my project's .env file, using the recommended AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables.

Which should also successfully authenticate and authorise my calls: https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/loading-node-credentials-environment.html

According to these, if I'm using the AWS-SDK to send my request, I shouldn't need to sign them in headers or query parameters: https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

Here's the code:


test: async () => {

    /**
     * Call AWS SES API
     * Returns information about the account
     * https://docs.aws.amazon.com/ses/latest/APIReference-V2/API_GetAccount.html
     */

    return new Promise(resolve => {

        axios
            .get("https://email.us-east-1.amazonaws.com/v2/email/account")
            .then(res => {
                console.log(res);
                resolve(res);
            })
            .catch(error => {
                console.error(error)
            });
    });

}

So why can't I access any resources? What can I do to fix it?

Felipe
  • 5
  • 3
  • Is your app running as the same user that owns ~/.aws/credentials? Note that storing credentials like this is not the best approach. Use IAM roles rather than IAM users, and do this via the EC2 instance's assumed role. – jarmod Mar 14 '22 at 18:01

1 Answers1

0

You are not using the NodeJS AWS SDK. You are just sending a "normal" HTTP request using axios. The request you are sending is not at all aware of any AWS authentication credentials.

That's why you are making unauthenticated requests and getting the corresponding error "Missing Authentication Token".

You should use the AWS SDK to "talk" to the AWS API:

var sesv2 = new AWS.SESV2();
var params = {};
sesv2.getAccount(params, function(err, data) {
  if (err) console.log(err, err.stack); 
  else     console.log(data);           
});

See: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SESV2.html#getAccount-property

The AWS SDK will read the credentials and take care of authenticating requests.

Jens
  • 20,533
  • 11
  • 60
  • 86