Amazon Simple Email Service
Developer Guide

Part 4: Create AWS Identity and Access Management Policies and Roles

To ensure the security of your AWS account, you must create an AWS Identity and Access Management (IAM) policy and role. The policy and role define the ways that the components of this solution can interact with each other. This procedure describes how to configure these policies and roles.

To create a new IAM policy and role

  1. Open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation bar, choose Policies.

  3. Choose Create policy.

  4. On the JSON tab, paste the following code into the editor:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "AllowSendEmail",
          "Effect": "Allow",
          "Action": [
            "ses:SendEmail"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Sid": "s3allow",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:PutObjectAcl"
          ],
          "Resource": [
            "arn:aws:s3:::BUCKET_NAME/*"
          ]
        },
        {
          "Sid": "AllowQueuePermissions",
          "Effect": "Allow",
          "Action": [
            "sqs:ChangeMessageVisibility",
            "sqs:ChangeMessageVisibilityBatch",
            "sqs:DeleteMessage",
            "sqs:DeleteMessageBatch",
            "sqs:GetQueueAttributes",
            "sqs:GetQueueUrl",
            "sqs:ReceiveMessage"
          ],
          "Resource": [
            "SQS_QUEUE_ARN"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "logs:DescribeLogStreams"
          ],
          "Resource": [
            "arn:aws:logs:*:*:*"
          ]
        }
      ]
    }

    In the pasted code, change the following attributes:

  5. Choose Review policy.

  6. On the Review policy screen, complete the following sections:

    • For Name, type a name for the policy.

    • For Description, type a brief description of the policy.

  7. Choose Create policy.

  8. In the navigation bar, choose Roles.

  9. Choose Create role.

  10. Under Select type of trusted entity, choose Lambda, and then choose Next: Permissions.

  11. On the Attach permissions policies screen, check the box next to the name of the policy you just created, and then choose Next: Review.

  12. On the Review screen, for Role name, type a name for the role, and then choose Create role.

  13. Proceed to Part 5: Configure Bounce and Complaint Notifications in Amazon SES.
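An added example, not part of the AWS guide: a Python check to run on the step 4 policy before pasting it into the console. It fills the two placeholders visible in the JSON (`BUCKET_NAME` and `SQS_QUEUE_ARN`), rejects values that are not shaped like a bucket name or an SQS queue ARN, and lists the statements whose `Resource` is wildcard-only. The function names, regular expressions and sample values are assumptions made for this example.

```python
import json
import re

# The policy from step 4 with both placeholders still in place.
TEMPLATE = """
{"Version": "2012-10-17", "Statement": [
 {"Sid": "AllowSendEmail", "Effect": "Allow", "Action": ["ses:SendEmail"], "Resource": ["*"]},
 {"Sid": "s3allow", "Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"],
  "Resource": ["arn:aws:s3:::BUCKET_NAME/*"]},
 {"Sid": "AllowQueuePermissions", "Effect": "Allow", "Action": [
   "sqs:ChangeMessageVisibility", "sqs:ChangeMessageVisibilityBatch", "sqs:DeleteMessage",
   "sqs:DeleteMessageBatch", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ReceiveMessage"],
  "Resource": ["SQS_QUEUE_ARN"]},
 {"Effect": "Allow", "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
   "logs:PutLogEvents", "logs:DescribeLogStreams"], "Resource": ["arn:aws:logs:*:*:*"]}]}
"""

# Shape checks only (assumed patterns for this example); they do not prove the resource exists.
BUCKET_RE = re.compile(r"^(?!.*\.\.)[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
QUEUE_ARN_RE = re.compile(r"^arn:aws(-[a-z]+)*:sqs:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,80}(\.fifo)?$")

def fill(bucket_name, queue_arn):
    """Substitute both placeholders and return the policy as a dict."""
    if not BUCKET_RE.match(bucket_name):
        raise ValueError(f"not an S3 bucket name: {bucket_name!r}")
    if not QUEUE_ARN_RE.match(queue_arn):
        raise ValueError(f"not an SQS queue ARN: {queue_arn!r}")
    text = TEMPLATE.replace("BUCKET_NAME", bucket_name).replace("SQS_QUEUE_ARN", queue_arn)
    return json.loads(text)

def audit(policy):
    """Return (statement, finding) pairs: leftover placeholders and wildcard-only resources."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        label = stmt.get("Sid", f"Statement[{i}]")
        for res in stmt["Resource"]:
            if "BUCKET_NAME" in res or "SQS_QUEUE_ARN" in res:
                findings.append((label, f"placeholder left in {res}"))
            # "*" alone, or an ARN whose region, account and resource fields are all "*"
            elif set(res.split(":")[3:]) <= {"*"}:
                findings.append((label, f"matches every resource: {res}"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not from the page.
    policy = fill("example-bounce-bucket", "arn:aws:sqs:us-east-1:111122223333:example-queue")
    for label, finding in audit(policy):
        print(f"{label}: {finding}")
    print(json.dumps(policy, indent=2))
```

The two statements that remain in the audit output after filling (`AllowSendEmail` and the unnamed logs statement) are the ones to review if you want the role scoped to specific SES identities or log groups.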