AWS SES Error - not authorized to perform ses:SendRawEmail on resource

Last updated: Jul 21st 2024

On Amazon Web Services debugging issues with SES or Send Email Services can get tricky.  When you receive a bounce back message which reads "User is not authorized to perform ses:SendRawEmail", the solution turns out to be simple. 

Error Message:

<Sending Email> User `arn:aws:iam::458281000000:user/amazon-workmail-eu-west-1' is not authorized to perform `ses:SendRawEmail' on resource `arn:aws:ses:eu-west-1:489921000000:identity/yourdomain.com'


  • go to ses console
    • identity management > domains
  • click your domain
  • scroll down to Identity Policy
  • create policy
    • policy generator
  • for principle add the user as mentioned in the bounceback email like arn:aws:iam::458281000000:user/amazon-workmail-eu-west-1
  • tick the boxes for
    • ses:SendEmail
    • ses:SendRawEmail
  • and save.
SYED ABDUL QUADER Published on 16 Dec 2020
Guest User