AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Amazon SES

Amazon SES (service prefix: ses) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by Amazon SES

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| CloneReceiptRuleSet | Creates a receipt rule set by cloning an existing one | Write | | | |
| CreateConfigurationSet | Creates a new configuration set | Write | | | |
| CreateConfigurationSetEventDestination | Creates a configuration set event destination | Write | | | |
| CreateConfigurationSetTrackingOptions | Creates an association between a configuration set and a custom domain for open and click event tracking | Write | | | |
| CreateCustomVerificationEmailTemplate | Creates a new custom verification email template | Write | | | |
| CreateReceiptFilter | Creates a new IP address filter | Write | | | |
| CreateReceiptRule | Creates a receipt rule | Write | | | |
| CreateReceiptRuleSet | Creates an empty receipt rule set | Write | | | |
| CreateTemplate | Creates an email template | Write | | | |
| DeleteConfigurationSet | Deletes the configuration set | Write | | | |
| DeleteConfigurationSetEventDestination | Deletes a configuration set event destination | Write | | | |
| DeleteConfigurationSetTrackingOptions | Deletes an association between a configuration set and a custom domain for open and click event tracking | Write | | | |
| DeleteCustomVerificationEmailTemplate | Deletes an existing custom verification email template | Write | | | |
| DeleteIdentity | Deletes the specified identity (an email address or a domain) from the list of verified identities | Write | | | |
| DeleteIdentityPolicy | Deletes the specified identity (an email address or a domain) from the list of verified identities | Write | | | |
| DeleteReceiptFilter | Deletes the specified IP address filter | Write | | | |
| DeleteReceiptRule | Deletes the specified receipt rule | Write | | | |
| DeleteReceiptRuleSet | Deletes the specified receipt rule set and all of the receipt rules it contains | Write | | | |
| DeleteTemplate | Deletes an email template | Write | | | |
| DeleteVerifiedEmailAddress | Deletes the specified email address from the list of verified addresses | Write | | | |
| DescribeActiveReceiptRuleSet | Returns the metadata and receipt rules for the receipt rule set that is currently active | Read | | | |
| DescribeConfigurationSet | Returns the details of the specified configuration set | Read | | | |
| DescribeReceiptRule | Returns the details of the specified receipt rule | Read | | | |
| DescribeReceiptRuleSet | Returns the details of the specified receipt rule set | Read | | | |
| GetAccountSendingEnabled | Returns the email sending status of the Amazon SES account for the current region | Read | | | |
| GetCustomVerificationEmailTemplate | Returns the custom email verification template for the template name you specify | Read | | | |
| GetIdentityDkimAttributes | Returns the current status of Easy DKIM signing for an entity | Read | | | |
| GetIdentityMailFromDomainAttributes | Returns the custom MAIL FROM attributes for a list of identities (email addresses and/or domains) | Read | | | |
| GetIdentityNotificationAttributes | Given a list of verified identities (email addresses and/or domains), returns a structure describing identity notification attributes | Read | | | |
| GetIdentityPolicies | Returns the requested sending authorization policies for the given identity (an email address or a domain) | Read | | | |
| GetIdentityVerificationAttributes | Given a list of identities (email addresses and/or domains), returns the verification status and (for domain identities) the verification token for each identity | Read | | | |
| GetSendQuota | Returns the user's current sending limits | Read | | | |
| GetSendStatistics | Returns the user's sending statistics. The result is a list of data points, representing the last two weeks of sending activity | Read | | | |
| GetTemplate | Returns the template object (which includes the Subject line, HTML part and text part) for the template you specify | Read | | | |
| ListConfigurationSets | Returns a list of the configuration sets associated with your Amazon SES account in the current AWS Region | List | | | |
| ListCustomVerificationEmailTemplates | Lists the existing custom verification email templates for your account in the current AWS Region | List | | | |
| ListIdentities | Returns a list containing all of the identities (email addresses and domains) for your AWS account, regardless of verification status | List | | | |
| ListIdentityPolicies | Returns a list of sending authorization policies that are attached to the given identity (an email address or a domain) | List | | | |
| ListReceiptFilters | Lists the IP address filters associated with your AWS account | List | | | |
| ListReceiptRuleSets | Lists the receipt rule sets that exist under your AWS account | List | | | |
| ListTemplates | Lists the email templates present in your Amazon SES account in the current AWS Region | List | | | |
| ListVerifiedEmailAddresses | Returns a list containing all of the email addresses that have been verified | List | | | |
| PutIdentityPolicy | Adds or updates a sending authorization policy for the specified identity (an email address or a domain) | Write | | | |
| ReorderReceiptRuleSet | Reorders the receipt rules within a receipt rule set | Write | | | |
| SendBounce | Generates and sends a bounce message to the sender of an email you received through Amazon SES | Write | | ses:FromAddress | |
| SendBulkTemplatedEmail | Composes an email message to multiple destinations | Write | | ses:FeedbackAddress, ses:FromAddress, ses:FromDisplayName, ses:Recipients | |
| SendCustomVerificationEmail | Adds an email address to the list of identities for your Amazon SES account in the current AWS Region and attempts to verify it | Write | | ses:FeedbackAddress, ses:FromAddress, ses:FromDisplayName, ses:Recipients | |
| SendEmail | Composes an email message based on input data, and then immediately queues the message for sending | Write | | ses:FeedbackAddress, ses:FromAddress, ses:FromDisplayName, ses:Recipients | |
| SendRawEmail | Sends an email message, with header and content specified by the client | Write | | ses:FeedbackAddress, ses:FromAddress, ses:FromDisplayName, ses:Recipients | |
| SendTemplatedEmail | Composes an email message using an email template and immediately queues it for sending | Write | | ses:FeedbackAddress, ses:FromAddress, ses:FromDisplayName, ses:Recipients | |
| SetActiveReceiptRuleSet | Sets the specified receipt rule set as the active receipt rule set | Write | | | |
| SetIdentityDkimEnabled | Enables or disables Easy DKIM signing of email sent from an identity | Write | | | |
| SetIdentityFeedbackForwardingEnabled | Given an identity (an email address or a domain), enables or disables whether Amazon SES forwards bounce and complaint notifications as email | Write | | | |
| SetIdentityHeadersInNotificationsEnabled | Given an identity (an email address or a domain), sets whether Amazon SES includes the original email headers in the Amazon Simple Notification Service (Amazon SNS) notifications of a specified type | Write | | | |
| SetIdentityMailFromDomain | Enables or disables the custom MAIL FROM domain setup for a verified identity (an email address or a domain) | Write | | | |
| SetIdentityNotificationTopic | Given an identity (an email address or a domain), sets the Amazon Simple Notification Service (Amazon SNS) topic to which Amazon SES will publish bounce, complaint, and/or delivery notifications for emails sent with that identity as the Source | Write | | | |
| SetReceiptRulePosition | Sets the position of the specified receipt rule in the receipt rule set | Write | | | |
| TestRenderTemplate | Creates a preview of the MIME content of an email when provided with a template and a set of replacement data | Write | | | |
| UpdateAccountSendingEnabled | Enables or disables email sending across your entire Amazon SES account in the current AWS Region | Write | | | |
| UpdateConfigurationSetEventDestination | Updates the event destination of a configuration set | Write | | | |
| UpdateConfigurationSetReputationMetricsEnabled | Enables or disables the publishing of reputation metrics for emails sent using a specific configuration set in a given AWS Region | Write | | | |
| UpdateConfigurationSetSendingEnabled | Enables or disables email sending for messages sent using a specific configuration set in a given AWS Region | Write | | | |
| UpdateConfigurationSetTrackingOptions | Modifies an association between a configuration set and a custom domain for open and click event tracking | Write | | | |
| UpdateCustomVerificationEmailTemplate | Updates an existing custom verification email template | Write | | | |
| UpdateReceiptRule | Updates a receipt rule | Write | | | |
| UpdateTemplate | Updates an email template | Write | | | |
| VerifyDomainDkim | Returns a set of DKIM tokens for a domain | Read | | | |
| VerifyDomainIdentity | Verifies a domain | Read | | | |
| VerifyEmailAddress | Verifies an email address. This action causes a confirmation email message to be sent to the specified address | Read | | | |
| VerifyEmailIdentity | Verifies an email address. This action causes a confirmation email message to be sent to the specified address. This action is throttled at one request per second | Read | | | |

Resources Defined by SES

Amazon SES has no service-defined resources that can be used as the Resource element of an IAM policy statement.

Condition Keys for Amazon SES

Amazon SES defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

| Condition Keys | Description | Type |
|---|---|---|
| ses:FeedbackAddress | The "Return-Path" address, which specifies where bounces and complaints are sent by email feedback forwarding. | String |
| ses:FromAddress | The "From" address of a message. | String |
| ses:FromDisplayName | The "From" address that is used as the display name of a message. | String |
| ses:Recipients | The recipient addresses of a message, which include the "To", "CC", and "BCC" addresses. | String |