Even if we did everything as in Amazon docs, we may get this problem:
An error occurred (SignatureDoesNotMatch) when calling the SendRawEmail operation: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
And when we start digging for solution we can find pages like this: https://bobbyhadz.com/blog/aws-cli-signature-does-not-match – and get surprised that the characters in configuration really matters, even if all tools are created by Amazon (aws-cli, or aws-sdk). So 1h of checking policies, creating different SMTP keys can be just solved if in documentation we get that information.
Another thing the example there of raw message is plain one which should work with aws-cli, but if not better use base64 version, and remember that message has end lines (my fault I passed it in IntelliJ and CLI started to raise errors about missing To:). Example of mine:
From: system@example.com
To: user@example.com
Subject: Test email sent using the AWS CLI (contains an attachment)
MIME-Version: 1.0
Content-type: Multipart/Mixed; boundary="NextPart"
--NextPart
Content-Type: text/plain
This is the message body.
--
message.json encoded with base64 -in mail.txt:
{
"Data": "RnJvbTogc3...Gf=="
}Sending with cli:
aws ses send-raw-email --raw-message file://message.json --profile sesmail