2

I use the following java code to send user emails, it works as expected if I use Regions.US_EAST_1 and related identity pool id.

AmazonSimpleEmailServiceAsyncClient client = new AmazonSimpleEmailServiceAsyncClient(new CognitoCachingCredentialsProvider(context, identityPoolId, Regions.AP_SOUTH_1));
client.setRegion(Region.getRegion(Regions.AP_SOUTH_1));
client.sendRawEmailAsync(new SendRawEmailRequest(rawMessage), new AsyncHandler<SendRawEmailRequest, SendRawEmailResult>()
{
    @Override
    public void onError(Exception exception)
    {
        exception.printStackTrace();
    }

    @Override
    public void onSuccess(SendRawEmailRequest request, SendRawEmailResult sendEmailResult)
    {
    }
});

But after I changed the region to AP_SOUTH_1, I also changed the identity pool id, the code stopped to work, the email will not be sent, and I started to see log saying

com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 1168c9c2-a940-4bef-be36-8568787bc130)

Why US_EAST_1 works but AP_SOUTH_1 not? How to get the region AP_SOUTH_1 work? How can I identify and fix this problem?

Important note: I have verified the sender email address in both regions. I have granted the role ses:sendRawEmail permission.

Run
  • 2,148
  • 2
  • 12
  • 29

1 Answers1

1

I would like to post my 2 days investigation and found to help others:

Tested with

  • AWS SDK for Android:

Using the latest adk implementation 'com.amazonaws:aws-android-sdk-ses:2.16.12', you can only use us-east-1, us-west-2, eu-west-1 3 regions to succeed in sending emails in production, unfortunately ap-south-1 is not on the list, even the SES console page shows you can use more regions, if you do it by code, you will always get the AmazonServiceException saying The security token included in the request is invalid.

  • AWS SDK for Java:

Using the latest adk implementation 'com.amazonaws:aws-java-sdk-ses:1.11.789', users can use Region ap-source-1 to send raw emails.

Run
  • 2,148
  • 2
  • 12
  • 29