[AWS SES] SignatureDoesNotMatch (client): Signature expired:


Error executing “SendRawEmail” on “https://email.ap-northeast-1.amazonaws.com”; AWS HTTP error: Client error: `POST https://email.ap-northeast-1.amazonaws.com` resulted in a `403 Forbidden`

SignatureDo (truncated…) SignatureDoesNotMatch (client): Signature expired:

何故? SESのcrudentialではなさそう
$ date
2021年 2月 14日 日曜日 11:26:51 JST


$ sudo yum install chrony
$ systemctl start chronyd
$ date
2021年 2月 14日 日曜日 11:41:52 JST



### SES
Service -> Customer Engagement -> Simple Email Service
Asia Pacific (Mumbai)
左メニューのEmailAddresses -> Verify a New Email Address -> 認証

Amazon SES の新規ユーザーの場合–上限緩和をまだ申請していない場合は、引き続きサンドボックス環境を使用しています。そのため、メールは確認済みのアドレスにのみ送信できます。新しいメールアドレスまたはドメインを確認するには、Amazon SES コンソールの [Identity Management] のセクションを参照してください。

Amazon Pinpoint の新規ユーザーの場合–上限緩和をまだ申請していない場合は、引き続きサンドボックス環境を使用しています。そのため、メールは確認済みのアドレスにのみ送信できます。新しいメールアドレスまたはドメインを確認するには、Amazon Pinpoint コンソールの [Settings] > [Channels] ページを参照してください。

なお、送信制限解除申請は、AWS Support -> Create Case -> Service limit increaseから送信する

### AmazonSESFullAccessのユーザ追加
IAMからAdd user
User name:${appName}-ses
Select AWS access type: Programmatic access
Permissions: AmazonSESFullAccess

### .env


SES_REGION=ap-south-1 ※munbai

### テスト実行
Error executing “SendRawEmail” on “https://email.ap-northeast-1.amazonaws.com”; AWS HTTP error: cURL error 6: Could not resolve host: email.ap-northeast-1.amazonaws.com (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)

$ curl https://email.ap-northeast-1.amazonaws.com
curl: (6) Could not resolve host: email.ap-northeast-1.amazonaws.com



'ses' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),

regionがAWS_DEFAULT_REGIONとなっており、さらに、keyとsecretも共通のkey, secret担っているので、AWS_DEFAULT_REFIONをmunbaiに変更します。

'ses' => [
        'key' => env('SES_KEY'),
        'secret' => env('SES_SECRET'),
        'region' => env('ap-south-1', 'us-east-1'),

$ php artisan config:clear




npm install aws-sdk –save

npm install の–saveオプションって何?
-> パッケージをインストールして、package.jsonに書き込む

[vagrant@localhost ses]$ npm -v
[vagrant@localhost ses]$ npm install aws-sdk –save
npm WARN saveError ENOENT: no such file or directory, open ‘/home/vagrant/local/app/test/package.json’
npm notice created a lockfile as package-lock.json. You should commit this file.
npm WARN enoent ENOENT: no such file or directory, open ‘/home/vagrant/local/app/test/package.json’
npm WARN test No description
npm WARN test No repository field.
npm WARN test No README data
npm WARN test No license field.

+ aws-sdk@2.487.0
added 39 packages from 85 contributors, removed 30 packages, updated 1 package and audited 52 packages in 30.333s
found 0 vulnerabilities

AWS credentialsを設定し、メール送信する

var AWS = require('aws-sdk');
AWS.config.update({region: 'us-east-1'});

var ses = new AWS.SES();

var params = {
	Destination: {
		ToAddresses: [ 'hoge@example.com' ]
	Message: {
			Body: {
				Text: {
						Data: 'hello SES',
						Charset: 'utf-8'
			Subject: {
				Data: 'Hello',
				Charset: 'utf-8'
	Source: 'jiro@example.com'

ses.sendEmail(params, function(err, data){
	if(err) console.log(err, err.stack);
	else console.log(data);


Amazon SES

Amazon Simple Email Service (SES) is Amazon’s email sending service.
Weight charge system, no minimum fee required.
Free quota is 62,000 transmissions / month from EC2 and 1,000 receptions / month.

Amazon SES Sandbox
– In order to prevent fraud and to avoid SPAM accreditation from ISPs, new user accounts are placed in a sandbox (environment for verification purposes) and limited in part by behavior.
– Emails can be sent and received only from verified email addresses or verified domains.
– You can send up to 200 messages per day, up to one message per second.
– If you move the account out out of the sandbox, it will work in the unrestricted environment.
– It will take 1 business day to proceed.

– Case- insensitive combination of domain and email address. (user@example.com and USER@example.com have different identities)

Domain Key Identification Mail(DKIM)
– It is a standard for the ISP to prove that senders have signed e-mail messages so that they are genuine and have not been tampered with by a third party during transmission.