How to update the SES SMTP Access keys for SMTP Mail

Dear All,

Hope all is well. I am a new user to AWS as I focus more on Windows Server OS. We are a financial organization using Simple Email Service for no-reply outbound email for multiple messaging channels. One of the famous card manufacturers reported that their messaging channel only accepts passwords with a maximum of 21 characters and wants us to update with 21 or less as minimum.

When we checked the manage SMTP settings, I saw that there is an IAM identity for the SES email and an access key which is active. Also, I see there is no console access enabled for this user, so I guess the email channels are authenticating using the access key secret (hope I am correct).

Now the management wants us to update the password/access keys with a 16-20 character limit. I did some digging for myself and since this is an SES SMTP account, they suggest revoking the old access key and enabling a new one using a Python script.

What I would like to know is:

  1. How do I update the password?
  2. If I need to change the access key, how do I update it?
  3. How long will this process take?
  4. Is there a failback/backup mechanism if something fails?
  5. Need best practice advice on performing this task.

Thank you, Safe

1 Answer

Hello.

How do I update the password?

As you have probably already confirmed, it is possible to generate a new SMTP password from your secret access key.
https://docs.aws.amazon.com/ses/latest/dg/smtp-credentials.html#smtp-credentials-convert

If I need to change the access key, how do I update it?

I think it is best to leave the currently used access key as is and issue a new access key.
You can issue a new access key using the steps described in the document below.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey

How long will this process take?

If you are familiar with issuing access keys, you can create one in less than 10 minutes.

Is there a failback/backup mechanism if something fails?

I think you can leave the secret access key you're currently using as is, and if the newly created secret access key doesn't work, you can switch back to the old secret access key.

Need best practice advice on performing this task.

Please do not disable or delete the secret access key you are currently using so that you can switch back if a problem occurs.

  • The document below recommends creating a new SMTP user from the Amazon SES screen, so I think this method is also a good idea. However, after several attempts, it does not generate short passwords of less than 20 characters, so it may not be able to meet your requirements. https://repost.aws/knowledge-center/ses-rotate-smtp-access-keys

  • Thank you Mr. Riku_Kobayashi, all the points clearly make sense. Sorry, I just need assistance with another point that came to my mind.

    1. Since the console access is disabled for the IAM user, do you have any steps to convert the secret key to a password from the root account for this IAM SMTP identity?

    2. And, is there any way I can get to know what the old password being used for the existing SMTP in the messaging system is?

    Thanks, Safe
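
The conversion that the answer links to, and that the follow-up comment asks about, runs offline and needs no console access for the IAM user. The following is an added example, not code from this thread; it follows the algorithm in the linked AWS SES documentation, the secret key and region are constructed placeholders, and the helper name `fits_length_limit` is hypothetical.

```python
import base64
import hashlib
import hmac

# Fixed values defined by the SES SMTP credential conversion algorithm.
DATE = "11111111"
SERVICE = "ses"
TERMINAL = "aws4_request"
MESSAGE = "SendRawEmail"
VERSION = 0x04


def _sign(key: bytes, msg: str) -> bytes:
    """One HMAC-SHA256 step of the derivation chain."""
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def ses_smtp_password(secret_access_key: str, region: str) -> str:
    """Derive the SES SMTP password for an IAM secret access key.

    The SMTP user name is the access key ID; only the password is derived.
    The result is bound to the region of the SES SMTP endpoint in use.
    """
    sig = _sign(("AWS4" + secret_access_key).encode("utf-8"), DATE)
    for part in (region, SERVICE, TERMINAL, MESSAGE):
        sig = _sign(sig, part)
    # 1 version byte + 32 digest bytes = 33 bytes, which Base64-encodes
    # to exactly 44 characters with no padding.
    return base64.b64encode(bytes([VERSION]) + sig).decode("utf-8")


def fits_length_limit(password: str, limit: int) -> bool:
    """Hypothetical helper: does the password fit a receiver's length cap?"""
    return len(password) <= limit


# Constructed placeholder values, not real credentials.
SAMPLE_SECRET = "EXAMPLEconstructedSecretKeyNotReal0000000"
SAMPLE_REGION = "us-east-1"

if __name__ == "__main__":
    pw = ses_smtp_password(SAMPLE_SECRET, SAMPLE_REGION)
    print("length:", len(pw))
    print("fits 21-character limit:", fits_length_limit(pw, 21))
```

The derived password is always 44 characters whatever access key is issued, so rotating the key cannot produce a password within a 21-character limit. Run the script on a trusted machine and keep the secret key out of shell history and logs.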