I use the following java code to send user emails, it works as expected if I use Regions.US_EAST_1 and related identity pool id.
AmazonSimpleEmailServiceAsyncClient client = new AmazonSimpleEmailServiceAsyncClient(new CognitoCachingCredentialsProvider(context, identityPoolId, Regions.AP_SOUTH_1));
client.setRegion(Region.getRegion(Regions.AP_SOUTH_1));
client.sendRawEmailAsync(new SendRawEmailRequest(rawMessage), new AsyncHandler<SendRawEmailRequest, SendRawEmailResult>()
{
@Override
public void onError(Exception exception)
{
exception.printStackTrace();
}
@Override
public void onSuccess(SendRawEmailRequest request, SendRawEmailResult sendEmailResult)
{
}
});
But after I changed the region to AP_SOUTH_1, I also changed the identity pool id, the code stopped to work, the email will not be sent, and I started to see log saying
com.amazonaws.AmazonServiceException: The security token included in the request is invalid. (Service: AmazonSimpleEmailService; Status Code: 403; Error Code: InvalidClientTokenId; Request ID: 1168c9c2-a940-4bef-be36-8568787bc130)
Why US_EAST_1 works but AP_SOUTH_1 not? How to get the region AP_SOUTH_1 work? How can I identify and fix this problem?
Important note: I have verified the sender email address in both regions. I have granted the role ses:sendRawEmail permission.
I would like to post my 2 days investigation and found to help others:
Tested with
Using the latest adk implementation 'com.amazonaws:aws-android-sdk-ses:2.16.12', you can only use us-east-1, us-west-2, eu-west-1 3 regions to succeed in sending emails in production, unfortunately ap-south-1 is not on the list, even the SES console page shows you can use more regions, if you do it by code, you will always get the AmazonServiceException saying The security token included in the request is invalid.
Using the latest adk implementation 'com.amazonaws:aws-java-sdk-ses:1.11.789', users can use Region ap-source-1 to send raw emails.