Howdy, all. This post is for those of you following the IAM best practices for limiting access to SES. If you followed the instructions and created a user just for SES access and then gave it limited permissions to send email, you've probably only granted it SendEmail and SendRawEmail. This is not enough.
When validating addresses, the plugin calls ListVerifiedEmailAddresses. If this call fails, you will see the errors reporting that your keys aren't active and that your email address has not been verified. It's a frustrating error, as other posts here demonstrate.
In the permissions policy for your user, make sure that you have all of the following:
- ses:SendEmail
- ses:SendRawEmail
- ses:ListVerifiedEmailAddresses
- ses:ListIdentities
The last one is necessary because ListVerifiedEmailAddresses has been deprecated since 2012, replaced with ListIdentities. I'll notify the plugin author in another topic that the code needs an update before AWS stops accepting calls to ListVerifiedEmailAddresses.
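An added example, not part of the original post or the plugin's code: a small Python check that reports which of the four actions listed above an IAM policy document fails to allow. The two sample policies are constructed, and the check is a simplification that reads only `Allow` statements with an `Action` key (it ignores `Deny`, `NotAction`, resources and conditions).

```python
import fnmatch

# The four actions the post says the plugin's SES user needs.
REQUIRED = [
    "ses:SendEmail",
    "ses:SendRawEmail",
    "ses:ListVerifiedEmailAddresses",
    "ses:ListIdentities",
]

def allowed_patterns(policy):
    """Collect lower-cased Action patterns from every Allow statement."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    patterns = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):      # Action may be a string or a list
            actions = [actions]
        patterns.extend(a.lower() for a in actions)
    return patterns

def missing_actions(policy, required=REQUIRED):
    """Return the required actions that no Allow pattern covers.

    IAM action names are case-insensitive and may use * and ? wildcards.
    """
    patterns = allowed_patterns(policy)
    return [r for r in required
            if not any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns)]

# Constructed sample: the send-only policy the post describes as insufficient.
SEND_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ses:SendEmail", "ses:SendRawEmail"],
     "Resource": "*"}]}

# Constructed sample: the same policy with the two list actions added.
FIXED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": REQUIRED, "Resource": "*"}]}

if __name__ == "__main__":
    print("send-only policy is missing:", missing_actions(SEND_ONLY))
    print("fixed policy is missing:", missing_actions(FIXED))
```

To check a real policy, load its JSON document with `json.load` and pass the resulting dict to `missing_actions`.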