This step-by-step guide will walk you through sending an email notification using Courier and AWS SES. You will:
You will need both Courier and AWS SES accounts to complete this tutorial. If you don't have accounts already, please sign up before proceeding.
Add the AWS SES Integration
Each Courier integration requires different pieces of information based on the needs of the Integration provider (see the requirements for each in the "Integrations" section of the sidebar to the left).
Create an AWS SES API Key
To deliver a message via AWS SES, Courier requires an Access Key ID and Secret Access Key of an Identity and Access Management (IAM) User. This user needs to be able to perform the SES SendEmail Action on the identity or identities ARNs of the recipient(s). See creating a new IAM user and Programmatic access documentation for more details.
Creating an Identity and Access Management (IAM) User with AmazonSESFullAccess Permissions via the AWS SES User Interface
Once logged in to AWS SES, navigate to "Settings" → "My Security Credentials.”
On the "Users" page, click “Add user” and follow the steps to create an IAM user.
When creating a new IAM user, you can attach the AmazonSESFullAccess built-in policy to grant the IAM user full access to sending emails to any identity on the AWS account. This user will have both the “Access Key ID” and “Secret Access Key” you need to integrate with Courier. You can then download the Access Key file (you won’t have another opportunity to do this) as well as view the keys.
Be sure to copy and download your IAM user keys on the success page. You won't have another opportunity to do so.
Create and Attach a Custom Policy
Here is an example of an IAM user with the policy required where they can perform send email against all SES identities:
"Action": ["ses:SendRawEmail", "ses:GetSendStatistics"],
Integrate the AWS SES API Key in Courier
Once you have created your IAM user and downloaded the API Access keys, open the Courier AWS SES integration page and add the Access Key ID and Secret Access Key.
Add an AWS SES Verified "From" Address to Courier
The "From" address must belong to a verified identity in your AWS-SES account (either a verified domain or email). If you already have a verified identity, you will find it on the "Verified identities" page of your AWS console. If you don't, then you'll have to create a verified identity.
AWS SES Verified identities
“A verified identity is a domain, subdomain, or email address you use to send email through Amazon SES. Identity verification at the domain level extends to all email addresses under one verified domain identity.”
See “Verifying an Identity for Amazon SES Sending Authorization” for more information.
Create a verified identity
To verify an identify click Create identity on the Verified identities page.
- To verify a domain, you will need access to your domain's DKIM settings.
- To verify an email, you need access to that email's inbox.
NEW AWS SES Accounts: request to have your account removed from the Amazon SES sandbox
If you have a new AWS SES account, before you or the delegate sender can send email to non-verified email addresses, you have to submit a request to have your account removed from the Amazon SES sandbox. For more information, see "Moving out of the Amazon SES sandbox.".
Add Your Verified "From" Address to the AWS SES Integration
Add your AWS SES verified From email address or any email address with a verified AWS SES domain to the "From Address" field. This will be your default from email for all emails using the AWS SES integration. You can override this default "From" address on a per channel basis within your templates.
Select AWS SES Region
Select your preferred AWS SES region from the dropdown in the Courier AWS SES integration. For more information, see “Regions and Amazon SES.”.
Create and Send a Courier Notification with AWS SES
See "Create and Send a Message" for details on how to:
See the AWS SES integration doc for profile requirements and override options when sending.