Skip to main content
This guide shows you how to create an IAM role and configure SES.
Prerequisites: You need an AWS account to complete this setup. If you don’t have one, create it by following the documentation.

Create an IAM Role

Use our CloudFormation template to automatically create an IAM role with all required permissions.
  1. Click this link to launch the CloudFormation stack: Create IAM Role Stack.
  2. Click Create stack.
  3. Wait for the stack creation to complete. (status will show CREATE_COMPLETE)
  4. Go to the Outputs tab to find your IAM Role ARN.
IAM role is the safest way to grant access. The CloudFormation template creates a role that grants minimal permissions corresponding to the application’s use, only works with Sendbase, and cannot be used elsewhere.
IAM Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "SESGeneralAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetImportJob",
        "ses:CreateImportJob",
        "ses:GetAccount",
        "ses:TagResource",
        "ses:CreateEmailIdentity",
        "ses:GetEmailIdentity",
        "ses:PutEmailIdentityMailFromAttributes",
        "ses:DeleteEmailIdentity",
        "ses:SendEmail",
        "ses:SendTemplatedEmail",
        "ses:SendBulkEmail",
        "ses:SendBulkTemplatedEmail"
      ],
      "Resource": "*"
    },
    {
      "Sid": "SESContactListAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetContactList",
        "ses:CreateContactList",
        "ses:UpdateContactList",
        "ses:DeleteContactList",
        "ses:ListContacts",
        "ses:GetContact",
        "ses:CreateContact",
        "ses:UpdateContact",
        "ses:DeleteContact"
      ],
      "Resource": "arn:aws:ses:*:*:contact-list/sendbase*"
    },
    {
      "Sid": "SESConfigurationSetAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetConfigurationSet",
        "ses:CreateConfigurationSet",
        "ses:DeleteConfigurationSet",
        "ses:GetConfigurationSetEventDestinations",
        "ses:CreateConfigurationSetEventDestination",
        "ses:UpdateConfigurationSetEventDestination",
        "ses:DeleteConfigurationSetEventDestination"
      ],
      "Resource": "arn:aws:ses:*:*:configuration-set/sendbase*"
    },
    {
      "Sid": "SESEmailTemplateAccess",
      "Effect": "Allow",
      "Action": [
        "ses:GetEmailTemplate",
        "ses:CreateEmailTemplate",
        "ses:UpdateEmailTemplate",
        "ses:DeleteEmailTemplate"
      ],
      "Resource": "arn:aws:ses:*:*:template/sendbase*"
    },
    {
      "Sid": "S3Access",
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:PutBucketPolicy",
        "s3:GetBucketPublicAccessBlock",
        "s3:PutBucketPublicAccessBlock",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl",
        "s3:PutBucketTagging"
      ],
      "Resource": ["arn:aws:s3:::sendbase*", "arn:aws:s3:::sendbase*/*"]
    },
    {
      "Sid": "CloudWatchMetricsAccess",
      "Effect": "Allow",
      "Action": ["cloudwatch:GetMetricData"],
      "Resource": "*"
    },
    {
      "Sid": "SNSTopicAccess",
      "Effect": "Allow",
      "Action": [
        "sns:GetTopicAttributes",
        "sns:CreateTopic",
        "sns:DeleteTopic",
        "sns:TagResource"
      ],
      "Resource": "arn:aws:sns:*:*:sendbase*"
    },
    {
      "Sid": "SNSSubscriptionAccess",
      "Effect": "Allow",
      "Action": [
        "sns:ListSubscriptionsByTopic",
        "sns:Subscribe",
        "sns:Unsubscribe"
      ],
      "Resource": "arn:aws:sns:*:*:sendbase*"
    }
  ]
}

Move SES out of Sandbox

SES starts in sandbox mode, limiting email sending to verified addresses only. To send emails to any address, you need production access.

Request Production Access

  1. Open the Amazon SES console.
  2. Ensure you’re in your preferred region.
  3. In the navigation panel, choose Account dashboard.
  4. In the warning box at the top of the console, choose View Get set up page, then Request production access.
  5. Fill out the production access request and choose Submit request.
Once you submit your account details for review, you cannot edit them until the review is complete. The AWS Support team provides an initial response to your request within 24 hours.

Generate Your Use Case Description

To help you craft an use case description, we’ve created a prompt that transforms your basic business information into a professional AWS SES production access request. Prerequisites:
  • Sending pattern: Use the sandbox environment for a while to establish a good sending pattern
  • Email authentication: Set up email authentication (DKIM, SPF, and DMARC records) for your domain
  • Professional website: Set up a professional website on your domain with a privacy policy
Generate a professional production access request with your preferred AI assistant:
  1. Copy the prompt below and paste it into your preferred AI assistant (ChatGPT, Claude, etc.).
  2. Fill out the Business Info and Email Program sections with your information. The Technical Setup section is pre-filled according to what the system does.
  3. Generate the detailed production access request and submit it.
# SES Use Case Description Generator

You are an SES consultant who helps businesses get production access by writing compelling use case descriptions that meet AWS approval criteria

## Instructions

Generate a detailed SES production access application based on the user's inputs.
The output must be technically accurate, and demonstrate business legitimacy while addressing all AWS approval criteria.

## Required Input Format

Ask the user to provide the following information in a simple form:

Business Info:

- Company/Organization name:
- Describe what your business does:
- Website URL:
- Business type (e-commerce, SaaS, education, non-profit, etc.):

Email Program:

- Email list size (approximate):
- How you collect email addresses (website signup, events, etc.):
- Expected email volume:
- Email types (check all that apply):
  - [ ] Newsletters/Marketing
  - [ ] Transactional (receipts, confirmations)
  - [ ] Notifications (alerts, reminders)
  - [ ] Educational content
  - [ ] Customer support
- Describe the content of your emails (what information/value do you provide to recipients?):

Technical Setup:

- Do you have bounce/complaint handling?
  A. We have implemented automated bounce and complaint handling using AWS SES feedback notifications via SNS topics.
  Our system processes hard bounces and complaints in real-time, automatically updating the contact list to suppress future sends to those addresses.
- How do you handle unsubscribes?
  A. Every email we send includes a clear, prominent unsubscribe link in the footer.
  We also implement List-Unsubscribe and List-Unsubscribe-Post headers to support one-click unsubscribe functionality.
  Unsubscribe requests are processed immediately and automatically.
- How do you handle monitoring and reputation management?
  A. We continuously monitor bounce rates and complaint rates at both the account level and per-campaign level in real-time.
  We track delivery rates and engagement metrics.
  We regularly review our sending patterns to identify and address any issues promptly.

## Output Structure

Transform the inputs into a professional application with these sections:

### 1. Business Overview

- Brief description of company and services
- State specific email communication needs

### 2. Email Program Details

- Detail email list composition
- Explain opt-in collection methods with emphasis on consent (ask if this is not provided or detailed)
- Break down email types and describe the specific content/value provided to recipients
- Justify sending volumes based on business needs

### 3. Technical Setup

- Detail bounce and complaint handling systems (ask to set this up if it's not prepared)
- Explain unsubscribe mechanisms (ask to set this up if it's not prepared)
- Include monitoring and reputation management procedures (ask to set this up if it's not prepared)

## Tone and Style Guidelines

- Concise and professional: Use clear, direct language without repetition
- Technically accurate: Include specific AWS terminology and best practices
- Conservative estimates: Always err on the side of lower volume projections
- Evidence-based: Include specific numbers without excessive elaboration
- No redundancy: Avoid repeating the same points in different sections

## Key Success Factors to Include

Always incorporate these elements regardless of user input:

1. Established business credibility - Demonstrate business legitimacy
2. Opt-in collection methods - Emphasize consent and legal compliance
3. Technical competency - Describe proper authentication and monitoring setup
4. Automated bounce/complaint handling - Detail specific technical implementation
5. Multiple unsubscribe options - Show user-friendly opt-out processes
6. Monitoring and quality control - Demonstrate proactive reputation management

## Important Notes

- Keep output under 4,000 characters
- Be concise: Avoid repetitive explanations and unnecessary detail

## Sample Interaction

**User Input:**

- Company: "FitLife Supplements"
- Website: "fitlifesupplements.com"
- Business: "E-commerce health supplements"
- Years: "3 years"
- Location: "Austin, Texas"
- Customers: "12,000"
- List size: "8,000"
- Collection: "Website purchases and newsletter signup"
- Frequency: "2-3 times per week"
- Types: "Newsletters, Order confirmations, Product alerts"
- Monthly volume: "25,000"
- SPF/DKIM: "No"
- Bounce handling: "No"

**Expected Output:** A professional application that transforms this basic info into a business case with technical implementation details, compliance procedures, and conservative volume requests.
You must review and revise the generated request thoroughly before submitting it.