Charles Lavery

AWS SES Create SMTP Password With Python

Amazon Web Service's Simple Email Service (SES) requires a username/password pair when connecting using SMTP. This pair can be derived from an existing AWS user's (such as an IAM user) credentials. The username is simply the access key ID but the password is formed using an algorithm defined in the AWS Docs. This code shows how to derive it using plain python code.

Note: As usual you should not use normal AWS user credentials for this but specific and restricted IAM users. This code may be useful in a larger configuration management system (for instance by creating users for new hosts).

import base64
import hmac
import hashlib
import sys

def hash_smtp_pass_from_secret_key(key):
    message = "SendRawEmail"
    version = '\x02'
    h = hmac.new(key, message, digestmod=hashlib.sha256)
    return base64.b64encode("{0}{1}".format(version, h.digest()))

if __name__ == "__main__":
    print hash_smtp_pass_from_secret_key(sys.argv[1])