I have a Django App running in an AWS ECS Fargate container and want to set up the possibility to send mails from Django. This is not too difficult using the built in function. I have set up SES on AWS and granted the Task Role of my Fargate task full access to SES.
As far as I understand, AWS automatically generates credentials for the Task role (see e.g. here. To set up the SES mailing function in Django, I need the EMAIL_HOST_USER which in case of AWS SES will be an AWS_ACCESS_KEY_ID and the Password which would be the secret key of this user.
Now I am slightly confused since I actually want to use the Task role of the Fargate task to send emails. Do I have to somehow get the credentials inside the Django code and set the environment variables? Or can I leave them blank and somehow Fargate automatically connects to SES by its Task Role.
You are using an SMTP library to send emails. The AWS IAM role assigned to your Fargate task only has access to the standard AWS SES API, not the SMTP API. You have two options:
Instead of using the Django SMTP support, use the Boto3 library to send SES emails via the AWS API. This will automatically use the IAM role you have assigned to your ECS task.
Create an IAM user with SMTP credentials, and permissions to send SES emails via SMTP. Then configure Django to send email via the SES SMTP endpoint, using those credentials. You could store the credentials in AWS Parameter Store or AWS Secrets Manager, and inject those credentials into your ECS containers via environment variables.