Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon SES

Amazon SES (service prefix: ses) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Amazon SES

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
CloneReceiptRuleSet Creates a receipt rule set by cloning an existing one

Write

CreateConfigurationSet Creates a new configuration set

Write

CreateConfigurationSetEventDestination Creates a configuration set event destination

Write

CreateConfigurationSetTrackingOptions Creates an association between a configuration set and a custom domain for open and click event tracking

Write

CreateCustomVerificationEmailTemplate Creates a new custom verification email template

Write

CreateReceiptFilter Creates a new IP address filter

Write

CreateReceiptRule Creates a receipt rule

Write

CreateReceiptRuleSet Creates an empty receipt rule set

Write

CreateTemplate Creates an email template

Write

DeleteConfigurationSet Deletes the configuration set

Write

DeleteConfigurationSetEventDestination Deletes a configuration set event destination

Write

DeleteConfigurationSetTrackingOptions Deletes an association between a configuration set and a custom domain for open and click event tracking

Write

DeleteCustomVerificationEmailTemplate Deletes an existing custom verification email template

Write

DeleteIdentity Deletes the specified identity (an email address or a domain) from the list of verified identities

Write

DeleteIdentityPolicy Deletes the specified identity (an email address or a domain) from the list of verified identities

Write

DeleteReceiptFilter Deletes the specified IP address filter

Write

DeleteReceiptRule Deletes the specified receipt rule

Write

DeleteReceiptRuleSet Deletes the specified receipt rule set and all of the receipt rules it contains

Write

DeleteTemplate Deletes an email template

Write

DeleteVerifiedEmailAddress Deletes the specified email address from the list of verified addresses

Write

DescribeActiveReceiptRuleSet Returns the metadata and receipt rules for the receipt rule set that is currently active

Read

DescribeConfigurationSet Returns the details of the specified configuration set

Read

DescribeReceiptRule Returns the details of the specified receipt rule

Read

DescribeReceiptRuleSet Returns the details of the specified receipt rule set

Read

GetAccountSendingEnabled Returns the email sending status of the Amazon SES account for the current region

Read

GetCustomVerificationEmailTemplate Returns the custom email verification template for the template name you specify

Read

GetIdentityDkimAttributes Returns the current status of Easy DKIM signing for an entity

Read

GetIdentityMailFromDomainAttributes Returns the custom MAIL FROM attributes for a list of identities (email addresses and/or domains)

Read

GetIdentityNotificationAttributes Given a list of verified identities (email addresses and/or domains), returns a structure describing identity notification attributes

Read

GetIdentityPolicies Returns the requested sending authorization policies for the given identity (an email address or a domain)

Read

GetIdentityVerificationAttributes Given a list of identities (email addresses and/or domains), returns the verification status and (for domain identities) the verification token for each identity

Read

GetSendQuota Returns the user's current sending limits

Read

GetSendStatistics Returns the user's sending statistics. The result is a list of data points, representing the last two weeks of sending activity

Read

GetTemplate Returns the template object (which includes the Subject line, HTML part and text part) for the template you specify

Read

ListConfigurationSets Returns a list of the configuration sets associated with your Amazon SES account in the current AWS Region

List

ListCustomVerificationEmailTemplates Lists the existing custom verification email templates for your account in the current AWS Region

List

ListIdentities Returns a list containing all of the identities (email addresses and domains) for your AWS account, regardless of verification status

List

ListIdentityPolicies Returns a list of sending authorization policies that are attached to the given identity (an email address or a domain)

List

ListReceiptFilters Lists the IP address filters associated with your AWS account

List

ListReceiptRuleSets Lists the receipt rule sets that exist under your AWS account

List

ListTemplates Lists the email templates present in your Amazon SES account in the current AWS Region

List

ListVerifiedEmailAddresses Returns a list containing all of the email addresses that have been verified

List

PutIdentityPolicy Adds or updates a sending authorization policy for the specified identity (an email address or a domain)

Write

ReorderReceiptRuleSet Reorders the receipt rules within a receipt rule set

Write

SendBounce Generates and sends a bounce message to the sender of an email you received through Amazon SES

Write

ses:FromAddress

SendBulkTemplatedEmail Composes an email message to multiple destinations

Write

ses:FeedbackAddress

ses:FromAddress

ses:FromDisplayName

ses:Recipients

SendCustomVerificationEmail Adds an email address to the list of identities for your Amazon SES account in the current AWS Region and attempts to verify it

Write

ses:FeedbackAddress

ses:FromAddress

ses:FromDisplayName

ses:Recipients

SendEmail Composes an email message based on input data, and then immediately queues the message for sending

Write

ses:FeedbackAddress

ses:FromAddress

ses:FromDisplayName

ses:Recipients

SendRawEmail Sends an email message, with header and content specified by the client

Write

ses:FeedbackAddress

ses:FromAddress

ses:FromDisplayName

ses:Recipients

SendTemplatedEmail Composes an email message using an email template and immediately queues it for sending

Write

ses:FeedbackAddress

ses:FromAddress

ses:FromDisplayName

ses:Recipients

SetActiveReceiptRuleSet Sets the specified receipt rule set as the active receipt rule set

Write

SetIdentityDkimEnabled Enables or disables Easy DKIM signing of email sent from an identity

Write

SetIdentityFeedbackForwardingEnabled Given an identity (an email address or a domain), enables or disables whether Amazon SES forwards bounce and complaint notifications as email

Write

SetIdentityHeadersInNotificationsEnabled Given an identity (an email address or a domain), sets whether Amazon SES includes the original email headers in the Amazon Simple Notification Service (Amazon SNS) notifications of a specified type

Write

SetIdentityMailFromDomain Enables or disables the custom MAIL FROM domain setup for a verified identity (an email address or a domain)

Write

SetIdentityNotificationTopic Given an identity (an email address or a domain), sets the Amazon Simple Notification Service (Amazon SNS) topic to which Amazon SES will publish bounce, complaint, and/or delivery notifications for emails sent with that identity as the Source

Write

SetReceiptRulePosition Sets the position of the specified receipt rule in the receipt rule set

Write

TestRenderTemplate Creates a preview of the MIME content of an email when provided with a template and a set of replacement data

Write

UpdateAccountSendingEnabled Enables or disables email sending across your entire Amazon SES account in the current AWS Region

Write

UpdateConfigurationSetEventDestination Updates the event destination of a configuration set

Write

UpdateConfigurationSetReputationMetricsEnabled Enables or disables the publishing of reputation metrics for emails sent using a specific configuration set in a given AWS Region

Write

UpdateConfigurationSetSendingEnabled Enables or disables email sending for messages sent using a specific configuration set in a given AWS Region

Write

UpdateConfigurationSetTrackingOptions Modifies an association between a configuration set and a custom domain for open and click event tracking

Write

UpdateCustomVerificationEmailTemplate Updates an existing custom verification email template

Write

UpdateReceiptRule Updates a receipt rule

Write

UpdateTemplate Updates an email template

Write

VerifyDomainDkim Returns a set of DKIM tokens for a domain

Read

VerifyDomainIdentity Verifies a domain

Read

VerifyEmailAddress Verifies an email address. This action causes a confirmation email message to be sent to the specified address

Read

VerifyEmailIdentity Verifies an email address. This action causes a confirmation email message to be sent to the specified address. This action is throttled at one request per second

Read

Resources Defined by SES

SES has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon SES

Amazon SES defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

Condition Keys Description Type
ses:FeedbackAddress The "Return-Path" address, which specifies where bounces and complaints are sent by email feedback forwarding. String
ses:FromAddress The "From" address of a message. String
ses:FromDisplayName The "From" address that is used as the display name of a message. String
ses:Recipients The recipient addresses of a message, which include the "To", "CC", and "BCC" addresses. String