I'd like to set up my Laravel app to use AWS Simple Email Service without requiring an IAM user's access key / secret key.
My Laravel app is running in an ECS-hosted container and I have given its task role an IAM policy which gives the container permission to use SES. I have fully configured and validated SES in my account, in the same region as my ECS cluster.
SES appears to require the following configuration in my config/services.php file:
'ses' => [
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
],
Is there a way I can amend this so that the SDK uses the IAM policy's permissions rather than requiring a key/secret for an IAM user?
As @apokryfos correctly points out, simply leaving the secret and region keys out of that array allows the SES mailer to fall back on any policy that the ECS task role has permission to use.
... stupidly I had applied said policy to the task execution role rather than the task role.