@sysadmiral
Created March 30, 2016 10:14
Obtaining Amazon SES SMTP Credentials by Converting AWS Credentials

If you have an IAM user that you set up using the IAM interface, you need to do the following two steps to enable the user to send email using the Amazon SES SMTP interface:

  • Derive the user's SMTP credentials from their AWS credentials using the algorithm provided in this section. A user's SMTP username is the same as their AWS Access Key ID, so you just need to generate the SMTP password.

  • Apply the following policy to the IAM user:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ses:SendEmail", "ses:SendRawEmail"],
      "Resource": "*"
    }
  ]
}
```

The following pseudocode shows the algorithm that converts an AWS Secret Access Key to an Amazon SES SMTP password.

```
key = AWS Secret Access Key;
message = "SendRawEmail";
versionInBytes = 0x02;
signatureInBytes = HmacSha256(message, key);
signatureAndVer = Concatenate(versionInBytes, signatureInBytes);
smtpPassword = Base64(signatureAndVer);
```

```java
// The following is an example Java implementation that converts an AWS Secret
// Access Key to an Amazon SES SMTP password. Before you run the program, put
// the AWS Secret Access Key of the IAM user into an environment variable called
// AWS_SECRET_ACCESS_KEY. The output of the program is the SMTP password. That
// password, along with the SMTP username (which is the same as the AWS Access
// Key ID), are the user's Amazon SES SMTP credentials.
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SesSmtpCredentialGenerator {
    // Put your AWS secret access key in this environment variable.
    private static final String KEY_ENV_VARIABLE = "AWS_SECRET_ACCESS_KEY";
    // Used to generate the HMAC signature. Do not modify.
    private static final String MESSAGE = "SendRawEmail";
    // Version number. Do not modify.
    private static final byte VERSION = 0x02;

    public static void main(String[] args) {
        // Get the AWS secret access key from environment variable AWS_SECRET_ACCESS_KEY.
        String key = System.getenv(KEY_ENV_VARIABLE);
        if (key == null) {
            System.err.println("Error: Cannot find environment variable AWS_SECRET_ACCESS_KEY.");
            System.exit(1);
        }

        // Create an HMAC-SHA256 key from the raw bytes of the AWS secret access key.
        SecretKeySpec secretKey =
                new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");

        try {
            // Get an HMAC-SHA256 Mac instance and initialize it with the AWS secret access key.
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKey);

            // Compute the HMAC signature on the input data bytes.
            byte[] rawSignature = mac.doFinal(MESSAGE.getBytes(StandardCharsets.UTF_8));

            // Prepend the version number to the signature.
            byte[] rawSignatureWithVersion = new byte[rawSignature.length + 1];
            byte[] versionArray = {VERSION};
            System.arraycopy(versionArray, 0, rawSignatureWithVersion, 0, 1);
            System.arraycopy(rawSignature, 0, rawSignatureWithVersion, 1, rawSignature.length);

            // To get the final SMTP password, convert the HMAC signature to base 64.
            String smtpPassword = Base64.getEncoder().encodeToString(rawSignatureWithVersion);
            System.out.println(smtpPassword);
        } catch (Exception ex) {
            System.err.println("Error generating SMTP password: " + ex.getMessage());
            System.exit(1);
        }
    }
}
```

```php
#!/usr/bin/php
<?php
// Reference:
// http://blog.celingest.com/en/2014/02/12/new-ses-endpoints-creating-ses-credentials-iam-users/
// We assume we have already created a new IAM user and that we have its Access
// and Secret keys.
// Note: arguments passed on the command line are visible in shell history
// and in process listings while the script runs.
if ($argc < 3) die("Usage: $argv[0] {aws_key} {aws_secret}" . PHP_EOL);

$key = $argv[1];
$secret = $argv[2];

$message = "SendRawEmail";
$versionInBytes = chr(2);
// Raw (binary) HMAC-SHA256 of the fixed message, keyed with the secret access key.
$signatureInBytes = hash_hmac('sha256', $message, $secret, true);
$signatureAndVer = $versionInBytes . $signatureInBytes;
$smtpPassword = base64_encode($signatureAndVer);

echo "SMTP User: " . $key . PHP_EOL;
echo "SMTP Password: " . $smtpPassword . PHP_EOL;

// Save this script as ses.php from the Linux console, make it executable and
// run it:
//
// chmod +x ses.php
//
// ./ses.php AKIAIOSFODNN7EXAMPLE wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
//
// SMTP User: AKIAIOSFODNN7EXAMPLE
// SMTP Password: An60U4ZD3sd4fg+FvXUjayOipTt8LO4rUUmhpdX6ctDy
//
// This way we will get a valid username and password for us to send through SES
// using SMTP.
?>
```
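
The derivation above, as an added Python example (not part of the original gist or of AWS's sample code). Besides deriving the password as the pseudocode describes, it checks that a stored SMTP password has the version-byte-plus-HMAC layout and whether it was derived from a given secret key, which is useful when working out which mail configurations depend on an access key. The function names are this example's own, and the secret is read from a prompt rather than from argv so it stays out of shell history and process listings.

```python
import base64
import binascii
import getpass
import hashlib
import hmac

MESSAGE = b"SendRawEmail"  # fixed message from the pseudocode above
VERSION = b"\x02"          # version byte from the pseudocode above


def derive_smtp_password(secret_access_key: str) -> str:
    """Base64(0x02 || HMAC-SHA256(key=secret, msg="SendRawEmail"))."""
    sig = hmac.new(secret_access_key.encode("utf-8"), MESSAGE, hashlib.sha256).digest()
    return base64.b64encode(VERSION + sig).decode("ascii")


def inspect_smtp_password(smtp_password: str) -> tuple:
    """Return (ok, reason): does the value decode to 0x02 plus a 32-byte HMAC?"""
    try:
        raw = base64.b64decode(smtp_password, validate=True)
    except (binascii.Error, ValueError):
        return (False, "not valid base64")
    if len(raw) != 1 + hashlib.sha256().digest_size:
        return (False, f"decoded length {len(raw)}, expected 33")
    if raw[:1] != VERSION:
        return (False, f"version byte 0x{raw[0]:02x}, expected 0x02")
    return (True, "version 0x02 + 32-byte HMAC")


def derived_from(smtp_password: str, secret_access_key: str) -> bool:
    """True if smtp_password was derived from this secret key (constant-time compare)."""
    expected = derive_smtp_password(secret_access_key)
    return hmac.compare_digest(expected.encode("utf-8"), smtp_password.encode("utf-8"))


if __name__ == "__main__":
    # Prompt for the secret instead of taking it as a command-line argument,
    # so it is not recorded in shell history or shown by ps.
    secret = getpass.getpass("AWS Secret Access Key: ")
    print("SMTP Password:", derive_smtp_password(secret))
```
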

stuzzo commented Aug 3, 2017

Thank you!! I tried the php version and it works!
