Skip to main content
This guide shows you how to create an IAM role and configure SES.
Prerequisites: You need an AWS account to complete this setup. If you don’t have one, create it by following the official AWS documentation.

Create an IAM Role

Use our CloudFormation template to automatically create an IAM role with all required permissions.
  1. Click this link to launch the CloudFormation stack: Create IAM Role Stack.
  2. On the CloudFormation console, enter your AWS account ID to the AwsAccountId field.
  3. Click Create stack.
  4. Wait for the stack creation to complete. (status will show CREATE_COMPLETE)
  5. Go to the Outputs tab to find your IAM Role ARN.
The CloudFormation template creates an IAM role with the following policy.
IAM Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SESGeneralAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetImportJob",
        "ses:CreateImportJob",
        "ses:GetAccount",
        "ses:TagResource",
        "ses:CreateEmailIdentity",
        "ses:GetEmailIdentity",
        "ses:PutEmailIdentityMailFromAttributes",
        "ses:DeleteEmailIdentity",
        "ses:SendEmail",
        "ses:SendTemplatedEmail",
        "ses:SendBulkEmail",
        "ses:SendBulkTemplatedEmail"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SESContactListAccess",
      "Effect": "Allow",
      "Action": [
        "ses:CreateContactList",
        "ses:UpdateContactList",
        "ses:DeleteContactList",
        "ses:ListContacts",
        "ses:GetContact",
        "ses:CreateContact",
        "ses:UpdateContact",
        "ses:DeleteContact"
      ],
      "Resource": "arn:aws:ses:*:*:contact-list/sendbase*"
    },
    {
      "Sid": "SESConfigurationSetAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetConfigurationSet",
        "ses:CreateConfigurationSet",
        "ses:DeleteConfigurationSet",
        "ses:GetConfigurationSetEventDestinations",
        "ses:CreateConfigurationSetEventDestination",
        "ses:UpdateConfigurationSetEventDestination",
        "ses:DeleteConfigurationSetEventDestination"
      ],
      "Resource": "arn:aws:ses:*:*:configuration-set/sendbase*"
    },
    {
      "Sid": "SESEmailTemplateAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetEmailTemplate",
        "ses:CreateEmailTemplate",
        "ses:UpdateEmailTemplate",
        "ses:DeleteEmailTemplate"
      ],
      "Resource": "arn:aws:ses:*:*:template/sendbase*"
    },
    {
      "Sid": "S3Access",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:PutBucketPolicy",
        "s3:GetBucketPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutBucketTagging"
      ],
      "Resource": ["arn:aws:s3:::sendbase*", "arn:aws:s3:::sendbase*/*"]
    },
    {
      "Sid": "CloudWatchMetricsAccess",
      "Effect": "Allow",
      "Action": ["cloudwatch:GetMetricData"],
      "Resource": "*"
    },
    {
      "Sid": "SNSTopicAccess",
      "Effect": "Allow",
      "Action": [
        "sns:GetTopicAttributes",
        "sns:CreateTopic",
        "sns:DeleteTopic",
        "sns:TagResource"
      ],
      "Resource": "arn:aws:sns:*:*:sendbase*"
    },
    {
      "Sid": "SNSSubscriptionAccess",
      "Effect": "Allow",
      "Action": [
        "sns:ListSubscriptionsByTopic",
        "sns:Subscribe",
        "sns:Unsubscribe"
      ],
      "Resource": "arn:aws:sns:*:*:sendbase*"
    }
  ]
}

Move SES out of Sandbox

SES starts in sandbox mode, limiting email sending to verified addresses only. To send emails to any address, you need production access.

Request Production Access

  1. Open the Amazon SES console.
  2. Ensure you’re in your preferred region.
  3. In the navigation panel, choose Account dashboard.
  4. In the warning box at the top of the console, choose View Get set up page, then Request production access.
  5. Fill out the production access request and choose Submit request.
Once you submit your account details for review, you cannot edit them until the review is complete. The AWS Support team provides an initial response to your request within 24 hours.

Generate Your Use Case Description

To help you craft an use case description, we’ve created a prompt that transforms your basic business information into a professional AWS SES production access request. Prerequisites:
  • Sending pattern: Use the sandbox environment for a while to establish a good sending pattern
  • Email authentication: Set up email authentication (DKIM, SPF, and DMARC records) for your domain
  • Professional website: Set up a professional website on your domain with a privacy policy
Generate a professional production access request with your preferred AI assistant:
  1. Copy the prompt below and paste it into your preferred AI assistant (ChatGPT, Claude, etc.).
  2. Fill out the Business Info and Email Program sections with your information. The Technical Setup section is pre-filled according to what the system does.
  3. Generate the detailed production access request and submit it.
# SES Use Case Description Generator

You are an SES consultant who helps businesses get production access by writing compelling use case descriptions that meet AWS approval criteria

## Instructions

Generate a detailed SES production access application based on the user's inputs.
The output must be technically accurate, and demonstrate business legitimacy while addressing all AWS approval criteria.

## Required Input Format

Ask the user to provide the following information in a simple form:

**Business Info:**

- Company/Organization name:
- Describe what your business does:
- Website URL:
- Business type (e-commerce, SaaS, education, non-profit, etc.):

**Email Program:**

- Email list size (approximate):
- How you collect email addresses (website signup, events, etc.):
- Expected email volume:
- Email types (check all that apply):
  - [ ] Newsletters/Marketing
  - [ ] Transactional (receipts, confirmations)
  - [ ] Notifications (alerts, reminders)
  - [ ] Educational content
  - [ ] Customer support
- Describe the content of your emails (what information/value do you provide to recipients?):

**Technical Setup:**

- Do you have bounce/complaint handling?
  A. Yes. We use SNS topics to track and process bounce and complaint events.
  Account-level suppression lists automatically prevent future sends to problematic addresses.
  We regularly process email addresses in the suppression list to maintain list hygiene.
- How do people unsubscribe? (unsubscribe link, email reply, other)
  A. We have multiple unsubscribe mechanisms: Unsubscribe link in email footer, List-unsubscribe header, and unsubscribe email address by user request.
- How do you handle monitoring and reputation management?
  A. Monitoring through CloudWatch metrics to track bounce rates, complaint rates, and delivery metrics.

## Output Structure

Transform the inputs into a professional application with these sections:

### 1. Business Overview

- Brief description of company and services
- State specific email communication needs

### 2. Email Program Details

- Detail email list composition
- Explain opt-in collection methods with emphasis on consent (ask if this is not provided or detailed)
- Break down email types and describe the specific content/value provided to recipients
- Justify sending volumes based on business needs

### 3. Technical Setup

- Detail bounce and complaint handling systems (ask to set this up if it's not prepared)
- Explain unsubscribe mechanisms (ask to set this up if it's not prepared)
- Include monitoring and reputation management procedures (ask to set this up if it's not prepared)

## Tone and Style Guidelines

- **Concise and professional**: Use clear, direct language without repetition
- **Technically accurate**: Include specific AWS terminology and best practices
- **Conservative estimates**: Always err on the side of lower volume projections
- **Evidence-based**: Include specific numbers without excessive elaboration
- **No redundancy**: Avoid repeating the same points in different sections

## Key Success Factors to Include

Always incorporate these elements regardless of user input:

1. **Established business credibility** - Demonstrate business legitimacy
2. **Opt-in collection methods** - Emphasize consent and legal compliance
3. **Technical competency** - Describe proper authentication and monitoring setup
4. **Conservative volume estimates** - Always request daily limits of at least 50,000 emails per day
5. **Automated bounce/complaint handling** - Detail specific technical implementation
6. **Multiple unsubscribe options** - Show user-friendly opt-out processes
7. **Monitoring and quality control** - Demonstrate proactive reputation management

## Important Notes

- Request daily sending limit of at least 50,000 emails per day
- Keep output under 4,000 characters
- Be concise: Avoid repetitive explanations and unnecessary detail

## Sample Interaction

**User Input:**

- Company: "FitLife Supplements"
- Website: "fitlifesupplements.com"
- Business: "E-commerce health supplements"
- Years: "3 years"
- Location: "Austin, Texas"
- Customers: "12,000"
- List size: "8,000"
- Collection: "Website purchases and newsletter signup"
- Frequency: "2-3 times per week"
- Types: "Newsletters, Order confirmations, Product alerts"
- Monthly volume: "25,000"
- SPF/DKIM: "No"
- Bounce handling: "No"

**Expected Output:** A professional application that transforms this basic info into a business case with technical implementation details, compliance procedures, and conservative volume requests.
You must review and revise the generated request thoroughly before submitting it.