Transactional email configuration through AWS SES not working

  • What’s your URL? This is the easiest way for others to debug your issue
    secareanu.com (but also tested on other domains on the same server)
  • What version of Ghost are you using?
    latest (3.14.10)
  • What configuration?
    AWS Ubuntu 18.04 EC2 + nginx + RDS MariaDB + SES
  • What browser?
    Chrome, but shouldn’t be browser bound
  • What errors or information do you see in the console?
    No error in the console
  • What steps could someone else take to reproduce the issue you’re having?
    Add AWS SES configuration to config.production.json as per Configuration - Adapt your publication to suit your needs.

I’m trying to set up my transactional email after moving sites from DO to AWS and I’ve run into some weird issues that I cannot seem to get past. I’m following the standard Ghost email config with the following setup:

"mail": {
  "from": "'Daniel Lastname' <name@secareanu.com>",
  "transport": "SMTP",
  "options": {
    "host": "email-smtp.eu-west-1.amazonaws.com",
    "port": 465,
    "service": "SES",
    "auth": {
      "user": "********************",
      "pass": "****************************************"
    }
  }
},

All domains I have tested are validated in SES, as well as the email addresses. All sites sit on the same server, but the error messages are slightly different (depending on whether members email is configured or not). All sites use the same SES credentials (full SES & SNS access) and the credentials are valid (as I’ve tested them on WordPress sites with WP Offload SES Lite) and they work (SES region = Ireland, i.e. eu-west-1).
Are you seeing this email? You are? Well awesome - that means you’re all set to start sending emails from your site via Amazon SES :tada:

For those sites where only transactional email is configured, the error is:
Failed to send email. Reason: Invalid login - 535 Authentication Credentials Invalid.
If I change port to 587, the error is the same as below.

For the site where I’ve also set up Mailgun for members email, the error is:
Failed to send email. Reason: 139644882831168:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:…/deps/openssl/openssl/ssl/record/ssl3_record.c:332: .

If I change the SES config with Mailgun SMTP config (port 587), the email test seems to work (mails arrived in the inbox).

There is no error showing up in nginx logs to debug this. There’s no firewall rule to block any traffic going out. I’ve tried with SMTP credentials with only SES Sending enabled and the error is the same. Any ideas what could cause this? Thanks!

2 Likes

In my case, I was using the access_id and secret for my IAM user. This is not the right thing to do; you should create SMTP credentials for SES and use those. Found this answer on Stack Overflow after searching around. I hope it helps.

Here is the link to that thread: email - Amazon SES 535 Authentication Credentials Invalid trying to rotate access key - Stack Overflow

1 Like
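
The distinction made in the reply above (IAM secret access key versus SES SMTP password), shown as an added example that is not code from any poster or from Ghost: this Python sketch follows the conversion AWS documents for deriving a region-specific SES SMTP password from an IAM secret access key, then checks whether a configured `pass` value has that derived form. The function names and the sample key are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Fixed inputs of AWS's documented conversion; they are constants, not secrets.
DATE, SERVICE, TERMINAL, MESSAGE = "11111111", "ses", "aws4_request", "SendRawEmail"
VERSION = 0x04

# Constructed 40-character sample value, not a real credential.
SAMPLE_SECRET = "ExampleSecretKeyForDocsOnly" + "0" * 13


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def ses_smtp_password(secret_access_key: str, region: str) -> str:
    """Derive the SES SMTP password for one region from an IAM secret key."""
    if not secret_access_key or not region:
        raise ValueError("secret access key and region are both required")
    key = _sign(("AWS4" + secret_access_key).encode("utf-8"), DATE)
    for part in (region, SERVICE, TERMINAL, MESSAGE):
        key = _sign(key, part)
    # Version byte + 32-byte HMAC = 33 bytes, i.e. 44 base64 characters.
    return base64.b64encode(bytes([VERSION]) + key).decode("ascii")


def is_derived_smtp_password(value: str) -> bool:
    """Heuristic: does this value have the shape of a derived SMTP password?"""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(raw) == 33 and raw[0] == VERSION


def check_mail_auth(mail: dict) -> str:
    """Inspect the auth block of a Ghost-style "mail" config (hypothetical helper)."""
    password = mail.get("options", {}).get("auth", {}).get("pass", "")
    if is_derived_smtp_password(password):
        return "pass has the derived SES SMTP form"
    return "pass is not a derived SES SMTP password (raw IAM secret?)"


if __name__ == "__main__":
    derived = ses_smtp_password(SAMPLE_SECRET, "eu-west-1")
    for pw in (SAMPLE_SECRET, derived):
        print(check_mail_auth({"options": {"auth": {"pass": pw}}}))
```

The derived password is bound to the region used in the calculation, so a password derived for one region will not authenticate against another region's SMTP endpoint.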

I tried creating SMTP credentials in AWS, but it took me to IAM to create them, so I’m not sure what you mean. Here is my question: How can I use Amazon SES with Ghost? - Stack Overflow

I wonder if this is required: email - Amazon SES 535 Authentication Credentials Invalid trying to rotate access key - Stack Overflow

If you have any tips, I’d really appreciate it!

1 Like