I’m using AWS SES to send emails from Django, and since around March 2021, I’ve been getting the following errors frequently.
BotoServerError: 403 Forbidden
<ErrorResponse xmlns="http://ses.amazonaws.com/doc/2010-12-01/">
<Error>
<Type>Sender</Type>
<Code>InvalidClientTokenId</Code>
<Message>Signature Version 3 requests are deprecated from March 1, 2021. From that date on, we are progressively rejecting such requests. To resolve the issue you must migrate to Signature Version 4. If you are self-signing your requests, refer to the documentation for Authenticating requests to the Amazon SES API [1] with Signature Version 4 [2]. If you are not self-signing your requests, simply update your SDK/CLI to the latest version. [1] https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-ses-api-authentication.html [2] https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html</Message>
</Error>
<RequestId>8adae7d9-8c5b-49be-aeab-4504a1d200eb</RequestId>
</ErrorResponse>This error says the following
- Signature version 3 requests are deprecated starting March 1, 2021.
- After that date, such requests will be phased out.
- If you self-sign your requests, see the documentation on authenticating requests to the AmazonSES API using signature version 4.
- If you do not self-sign your requests, update your SDK / CLI to the latest version
The solution is to update the SDK / CLI to the latest version.
I’m using django-ses to send emails, so update django-ses according to “Update SDK / CLI to the latest version if you don’t want to self-sign requests”.
https://github.com/django-ses/django-ses
The latest version of django-ses right now is 2.0.0.
If you check the version of django-ses you’re using, it’s much older.
$ pip list
Package Version
------------------- ---------
...
boto3 1.12.2
...
django-ses 0.8.14
...Use pip to update to the latest version of django-ses.
Confirm that the django-ses version has been updated to 2.0.0.
$ pip install -U django-ses
$ pip list
Package Version
------------------- ---------
...
boto3 1.17.55
...
django-ses 2.0.0
...Finally, don’t forget to restart the WSGI server.
You should now be able to send mail with the updated django-ses and the error will be resolved.
$ sudo systemctl restart gunicornThe cause is the transition to signature version 4.
With the transition to signature version 4, signature version 3 requests were deprecated as of March 1, 2021.
And the error is caused by the fact that they were rejected by AWS in stages.
Signature Version 3 requests are deprecated from March 1, 2021. From that date on, we are progressively rejecting such requests. To resolve the issue you must migrate to Signature Version 4.
https://docs.aws.amazon.com/ja_jp/general/latest/gr/signature-version-4.html
There was also a move to support the migration to signature version 4 in django-ses from June 2020.
https://github.com/django-ses/django-ses/pull/183
Summary
The error was caused by the fact that the request for signature version 3 was deprecated from March 1, 2021, and was rejected by AWS.
There are two ways to resolve this error.
- If you are self-signing requests, see the documentation on authenticating requests to the AmazonSES API using Signature Version 4.
- If you do not want to self-sign requests, update your SDK / CLI to the latest version
If you’re using the SDK / CLI like me, updating to the latest version will solve the problem.
コメント