Amazon SES Version 3 Update


Got this email from SES this morning:


Amazon Web Services currently supports Amazon Simple Email Service (Amazon SES) API requests that are signed using either Signature Version 3 or Signature Version 4 processes. Signature Version 4 offers enhanced security for authentication and authorization of Amazon SES customers by using a signing key instead of your secret access key.

To enhance the security of Amazon SES customers, beginning October 1, 2020, support for Signature Version 3 will be turned off (deprecated) in Amazon SES, and only Signature Version 4 will be supported going forward. Amazon SES customers who are currently using Signature Version 3 must migrate to Signature Version 4 by September 30, 2020. After that, Amazon SES will only accept requests that are signed using Signature Version 4. For more information, see the Signature Version 4 signing process in the AWS General Reference [1].

You can easily identify API requests that use Signature Version 3 by looking at the request headers. Requests that use the Signature Version 3 resemble the following example:
X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE,Algorithm=HMACSHA256,Signature=lBP67vCvGl ...

What happens if I don't make updates?
Requests signed with Signature Version 3 that are made after September 30, 2020 will fail to authenticate with Amazon SES. Requesters will receive an InvalidClientTokenId sender error, stating the security token included in the request is invalid. For more information, see Authenticating requests to the Amazon SES API in the Amazon SES Developer Guide [2]."

Anything we need to do for SES servers?