I am trying to use SES VerifyEmailIdentity in Python. It works totally fine on my local system however when we host on Lightsail instance the following error comes:
An error occurred (AccessDenied) when calling the VerifyEmailIdentity operation: User: arn:aws:sts::480862114276:assumed-role/AmazonLightsailInstanceRole/i-0e2s3ff15c45e0eb1 is not authorized to perform: ses:VerifyEmailIdentity because no identity-based policy allows the ses:VerifyEmailIdentity action
Python code working on localhost but having above error when hosted on Lightsail
import boto3
ses_client = boto3.client('ses', region_name='ap-south-1')
def verify_email_address(email):
response = ses_client.verify_email_identity(EmailAddress=email)
return response
I tried but there is no way to attach a role to Lightsail instance in AWS through which i can attach permission. Expected result is just it works fine as on local and send email to intended address for verification.
Well since you can (edit: mistake here, with which my explanation doesn't make any sense, wanted to write can't here) configure a role with which the LightSail instance is run, I suggest you create an IAM user and attach a role which would have sufficient permissions and pass the user credentials to the client:
import boto3
client = boto3.client(
's3',
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
aws_session_token=SESSION_TOKEN
)