Amazon SES - send_raw_email() - The following identities failed the check in region

[rbnbnabs]

Describe the bug

I verified a domain identity (example.com) in account 1 in eu-west-1 region with an authorization policy which allows account 2 to send emails using this domain identity and I created lambda function in account 2 in eu-west-1 region with these permissions :

{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ses:SendTemplatedEmail",
"ses:SendRawEmail",
"ses:SendEmail",
"ses:SendBulkTemplatedEmail"
],
"Effect": "Allow",
"Resource": "*",
}
]
}

And I verified the recipient identity recipient@xxxxx.com in account 2
Python 3.11 code

import boto3
from botocore.exceptions import ClientError

Create a new SES resource and specify a region.

client = boto3.client('ses',region_name="eu-west-1")

def lambda_handler(event, context):

Try to send the email.

try:
    response = client.send_raw_email(
        Destinations=[ 
            'recipient@xxxxx.com',
        ],

        RawMessage={
            'Data': 'From: sender@example.com\nTo: recipient@xxxxx.com\nSubject: Test email (contains an attachment)\nMIME-Version: 1.0\nContent-type: Multipart/Mixed; boundary="NextPart"\n\n--NextPart\nContent-Type: text/plain\n\nThis is the message body.\n\n--NextPart\nContent-Type: text/plain;\nContent-Disposition: attachment; filename="attachment.txt"\n\nThis is the text in the attachment.\n\n--NextPart--',
        },

        Source='sender@example.com',
        SourceArn='arn:aws:ses:eu-west-1:<account 1>:identity/example.com',
    )
    
    print(response)

# Display an error if something goes wrong.	
except ClientError as e:
    print(e.response['Error']['Message'])
else:
    print("Email sent! Message ID:"),
    print(response['ResponseMetadata']['RequestId'])

Expected Behavior

{
'MessageId': 'EXAMPLEf3f73d99b-c63fb06f-d263-41f8-a0fb-d0dc67d56c07-000000',
'ResponseMetadata': {
'...': '...',
},
}

Current Behavior

ERROR MESSAGE

Email address is not verified. The following identities failed the check in region EU-WEST-1: sender@example.com

Reproduction Steps

import boto3
from botocore.exceptions import ClientError

Create a new SES resource and specify a region.

client = boto3.client('ses',region_name="eu-west-1")

def lambda_handler(event, context):

Try to send the email.

try:
    response = client.send_raw_email(
        Destinations=[ 
            'recipient@xxxxx.com',
        ],

        RawMessage={
            'Data': 'From: sender@example.com\nTo: recipient@xxxxx.com\nSubject: Test email (contains an attachment)\nMIME-Version: 1.0\nContent-type: Multipart/Mixed; boundary="NextPart"\n\n--NextPart\nContent-Type: text/plain\n\nThis is the message body.\n\n--NextPart\nContent-Type: text/plain;\nContent-Disposition: attachment; filename="attachment.txt"\n\nThis is the text in the attachment.\n\n--NextPart--',
        },

        Source='sender@example.com',
        SourceArn='arn:aws:ses:eu-west-1:<account 1>:identity/example.com',
    )
    
    print(response)

# Display an error if something goes wrong.	
except ClientError as e:
    print(e.response['Error']['Message'])
else:
    print("Email sent! Message ID:"),
    print(response['ResponseMetadata']['RequestId'])

Possible Solution

No response

Additional Information/Context

No response

SDK version used

boto3 1.28.55

Environment details (OS name and version, etc.)

AWS Lambda

[rbnbnabs]

Resolved. I had to add "FromArn", along with 'SourceArn'.

FromArn='arn:aws:ses:eu-west-1:<account 1>:identity/example.com'

It worked.