AWS Simple Email Service

Send email from verified domains using Amazon Simple Email Service (SES). Supports SMTP and the SES HTTP API.

• Documentation
• Support
• Catalog Metadata ID: 260f2ead-b9e9-48b5-9a01-6e3097208ad7
• Tags: aws, csb
• Service Name: aws-ses
• Provider Display Name : Cloud.gov

Provisioning

Request Parameters

• domain string - Domain from which mail will be sent. For example, agency.gov. If left empty, a temporary cloud.gov subdomain will be generated. Default: ``.
• admin_email string - Required An administrative email address that Cloud.gov will use to contact you if your identity is in danger of having its ability to send emails paused. For example, email-admin@agency.gov. See Cloud.gov AWS SES - Reputation Protection for details. By default, this address will also be used as the DMARC report and error email address. If you provide alternate DMARC addresses by setting the dmarc_report_aggregate_recipients and dmarc_report_failure_recipients parameters, those will be used instead. If you update this parameter and neither dmarc_report_uri parameter is specified, remember to update your DNS with the new records in the required_records output.
• dmarc_report_aggregate_recipients array - The email addresses to which DMARC aggregate reports should be sent. Reports are automatically sent to reports@dmarc.cyber.dhs.gov. If you specify a domain and later update this parameter, remember to update your DNS with the new records in the required_records output.
• dmarc_report_failure_recipients array - The email addresses to which DMARC individual message failure reports should be sent. If you specify a domain and later update this parameter, remember to update your DNS with the new records in the required_records output.
• enable_feedback_notifications boolean - Flag to toggle creation of SNS topics for feedback notifications. Default: false.
• mail_from_subdomain string - The custom MAIL FROM domain that you want the verified identity to use. See the SES v2 API reference for requirements. Default: ``.

Binding

Request Parameters

• source_ips array - A list of IP ranges in CIDR format. If specified, requests made with this binding must originate from the specified ranges. By default, all requests are allowed. Default: [].
• notification_webhook string - HTTPS endpoint to subscribe to feedback notifications.

Response Parameters

• region string - AWS region of the SES identity.
• required_records object - If a domain was supplied, you must create these records in that zone in your DNS system.
• dmarc_report_aggregate_recipients string - The mailto URI to which DMARC aggregate reports should be sent. For example, mailto:dmarc@example.gov. Reports are automatically sent to reports@dmarc.cyber.dhs.gov.
• dmarc_report_failure_recipients string - The mailto URI to which DMARC individual message failure reports should be sent. For example, mailto:dmarc@example.gov.
• instructions string - Any further steps that you must take before using the service.
• configuration_set_arn string - ARN of the SES Configuration Set associated with the identity. Used to create bindings.
• domain_arn string - Instance SES domain identity. Used to create bindings.
• reputation_topic_arn string - ARN of the SNS topic receiving alarms related to reputation metrics.
• bounce_topic_arn string - ARN of the SNS topic receiving bounce feedback notifications.
• complaint_topic_arn string - ARN of the SNS topic receiving complaint feedback notifications.
• delivery_topic_arn string - ARN of the SNS topic receiving delivery feedback notifications.
• smtp_server string - SMTP server.
• smtp_user string - SMTP user.
• smtp_password string - SMTP password.
• aws_access_key_id string - AWS Access Key ID.
• aws_secret_access_key string - AWS Secret Access Key.
• notification_webhook string - Subscribed endpoint for email feedback notifications

Plans

The following plans are built-in to the Cloud Service Broker and may be overridden or disabled by the broker administrator.

• base
  • Plan ID: 35ffb84b-a898-442e-b5f9-0a6a5229827d.
  • Description: Provision credentials for sending email from any user at a domain, like agency.gov.
  • This plan doesn't override user variables on provision.
  • This plan doesn't override user variables on bind.

Examples

Quickstart

Omit the domain parameter and Cloud.gov will generate a domain for you. This is useful for development and testing. Uses plan: 35ffb84b-a898-442e-b5f9-0a6a5229827d.

Provision

{
    "admin_email": "email-admin@agency.gov"
}

Bind

{}

Cloud Foundry Example

$ cf create-service aws-ses base my-aws-ses-example -c `{"admin_email":"email-admin@agency.gov"}`
$ cf bind-service my-app my-aws-ses-example -c `{}`

Separate DMARC recipients

Manually specify the dmarc_report_uri parameters and DMARC reports will be sent to their URIs instead of admin_email. Uses plan: 35ffb84b-a898-442e-b5f9-0a6a5229827d.

Provision

{
    "admin_email": "email-admin@agency.gov",
    "dmarc_report_aggregate_recipients": [
        "dmarc@agency.gov"
    ],
    "dmarc_report_failure_recipients": [
        "dmarc@agency.gov",
        "another-address@agency.gov"
    ]
}

Bind

{}

Cloud Foundry Example

$ cf create-service aws-ses base my-aws-ses-example -c `{"admin_email":"email-admin@agency.gov","dmarc_report_aggregate_recipients":["dmarc@agency.gov"],"dmarc_report_failure_recipients":["dmarc@agency.gov","another-address@agency.gov"]}`
$ cf bind-service my-app my-aws-ses-example -c `{}`

External domain

Specify the domain parameter to send mail from a agency-managed domain. Binding or creating a service key will show instructions for creating the required DNS records. Uses plan: 35ffb84b-a898-442e-b5f9-0a6a5229827d.

Provision

{
    "admin_email": "email-admin@agency.gov",
    "domain": "agency.gov"
}

Bind

{}

Cloud Foundry Example

$ cf create-service aws-ses base my-aws-ses-example -c `{"admin_email":"email-admin@agency.gov","domain":"agency.gov"}`
$ cf bind-service my-app my-aws-ses-example -c `{}`

---