我们最近收到一封来自亚马逊的电子邮件。
Hello,
Amazon Web Services currently supports Amazon SES API requests that are signed using Signature
Version 3 and Signature Version 4 processes. Signature Version 4 further enhances the security around
authentication and authorization of Amazon SES customers by using a signing key instead of your
secret access key. To improve the security for our customers, beginning October 1, 2020, Amazon
Signature Version 3 will be turned off (deprecated) in Amazon SES in favor of Signature Version 4.
Amazon SES customers who are still using Signature Version 3 must migrate to Signature Version 4 by
September 30, 2020. After that, Amazon SES will only accept requests that are signed using Signature
Version 4. For more information, see Signature Version 4 signing process [1].
What Happens if I Don't Make Updates?
Requests signed with Signature Version 3 that are made after September 30, 2020 will fail to
authenticate with Amazon SES. Requesters will see errors stating that the request must be signed with
Signature Version 4.
References:
[1] https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Sincerely,
Amazon Web Services
Amazon Web Services, Inc. is a subsidiary of Amazon.com, Inc. Amazon.com is a registered trademark of
Amazon.com, Inc. This message was produced and distributed by Amazon Web Services Inc., 410 Terry
Ave. North, Seattle, WA 98109-5210
我们有几个PHP Codeigniter应用程序,我们使用AmazonSES SMTP凭据发送电子邮件。我们不使用AWS访问密钥&发送电子邮件的密钥。因此,我认为迁移到Signature Version 4不会影响我们的应用程序。有人能向我保证,如果我的假设是正确的吗?
如果您使用SMTP使用SES发送电子邮件,sigv4不应该影响您,它只适用于sendemail或sendrawemailapi调用。
如果您使用SES SMTP凭据使用SMTP发送电子邮件,您可能仍然会受到影响。SES SMTP凭据已签名,在2019年2月之前,AWS在通过SES控制台生成凭据时使用SignatureV2。一位AWS员工在论坛上发帖证实了这一点:
如果你指的是发送给少数客户的通信,以便从Smtp的V2凭据迁移到V4凭据,是的,即使你不使用SDK,你也必须这样做。