🔌Connect Amazon SES API

We are not following Amazon's best practices in this guide to greatly reduce complexity.

This documentation gives you the shortest path to send your first email by having you create access keys for the root user. This will increase your chances of a successful setup.

Amazon recommends creating an IAM account that has the minimum access required for using SES as best practice, rather than using root user access keys as shown in this guide.

Advanced users only

To implement Amazon's best practices yourself, create a new user with only the AmazonSESFullAccess and AmazonSNSFullAccess permissions policies applied.

First, create an Amazon AWS account if you don't have one.

As of the time of this writing, the link is:

Login to the AWS console as the root user you've created

You'll start off at the console home page.

Take note of your account region, this will be needed later.

In the upper right of the console home, click your username, then security credentials.

Scroll down to create access key.

Amazon will warn you this is not following best practices, confirm to go to the next step.

Copy both of your access keys and save them somewhere secure as you will need them to integrate with your EmailDelivery.com platform installation later.

Now that your access credentials have been created, it's time to go to the Amazon SES page.

Click verified identities.

Click create identity.

Your verified identity is the domain you want to send mail with over Amazon SES

This is going to be a subdomain exclusively created for this purpose.

After saving, you'll need to verify your ownership of the domain by creating some CNAME records generated by Amazon to your DNS provider.

Below is an example of how this would look on Cloudflare.

The best things come to those who wait

Amazon autodetects the CNAME records. You'll need to periodically refresh the page until it finds them.

Once your domain has successfully been verified you'll see the following.

Now it's time to add your Amazon SES sending domain to your platform.

In the backend navigation go to Connect -> Amazon SES API.

Click Add SES account.

Look at the URL of your Amazon console to find your region, and add the domain you used for your verified identity.

Click save.

if your configuration saves successfully you should now be integrated with Amazon SES.

🚨 For new Amazon SES accounts there's one more step. 🚨

New accounts start off in the Amazon "Sandbox" until they're approved by Amazon.

When you're in the Amazon sandbox, you can only send test messages to your own verified email addresses; this would typically be a Gmail address.

To verify an email address, Amazon emails a link.

Click the link and you can send test messages through Amazon until you're approved to send outside of the sandbox.

Create an identity just like you did to verify your domain:

Choose Email address instead of Domain this time:

Click the link sent to your email:

You're done. You can send messages to your verified email address from the sandbox now.

URGENT: Don't use an Amazon SES authenticated email address as your ESP platform's Sender Email Address.

Using your verified email address as your sender email address will stop Amazon from sending webhooks back to your platform, causing your stats to be blank.


The below steps are optional and for troubleshooting purposes only.

On Amazon, the notifications tab should show feedback notifications have been created. If it's not there, refresh the page a few times.

You should have an SNS topic automatically configured at the following url.

Under topics/subscriptions you should see your platform install domain admin_url has been added automatically as your webhook endpoint.

Last updated