AWS Amazon Simple Email Service (Amazon SES) Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Business applications

1. Introduction

Amazon Simple Email Service (Amazon SES) is AWS’s managed email platform for sending and receiving email at scale. It’s commonly used in Business applications for transactional email (sign-ups, password resets, receipts), marketing/bulk email, and inbound email processing (support inbox automation, email-to-ticket pipelines).

Simple explanation (non-technical): Amazon Simple Email Service (Amazon SES) lets your applications send emails reliably without you running mail servers. You connect your domain or email address, and SES handles delivery, reputation signals (bounces/complaints), and scaling.

Technical explanation (engineer-focused): Amazon Simple Email Service (Amazon SES) provides regional email-sending and receiving endpoints accessible via API/SDK/SMTP. You verify identities (domains or email addresses), optionally configure authentication (SPF/DKIM/DMARC alignment), and send mail using SendEmail/SendRawEmail (or SES v2 equivalents). You can publish delivery events (deliveries, bounces, complaints, rejects, etc.) to downstream AWS services for monitoring, automation, and analytics.

What problem it solves: SES removes the operational burden of building and operating an outbound mail transfer system (MTAs, IP warmup, reputation management, feedback loops), while giving you programmatic control, observability, and integration with AWS security and governance.

Service status note: Amazon Simple Email Service (Amazon SES) is an active AWS service. AWS provides multiple APIs (including SES API v2). Always verify the latest endpoint/feature availability for your Region in the official documentation.

2. What is Amazon Simple Email Service (Amazon SES)?

Amazon Simple Email Service (Amazon SES) is a managed email service on AWS designed to help you send and receive email using your own domains and applications.

Official purpose

Provide a scalable, reliable way to send transactional, bulk, and marketing emails.
Enable inbound email receiving for building workflows (store, process, route).
Help improve deliverability via authentication (SPF/DKIM), reputation signals, and feedback handling.

Core capabilities

Outbound email sending via:
AWS SDK/API (SES API)
SMTP interface (SMTP credentials derived from IAM)
Inbound email receiving via receipt rules (store in S3, invoke Lambda, notify SNS, etc.)
Identity management for sending authorization (domain/email verification)
Email authentication support (DKIM; SPF alignment using custom MAIL FROM domain; DMARC guidance via DNS policy)
Observability (delivery/bounce/complaint events publishing; metrics and logs via integrations)
Dedicated IP options for senders who need more direct control over reputation (availability and names vary by offering—verify in official docs)
Suppression management to avoid sending to addresses that bounce/complain repeatedly

Major components (mental model)

Component	What it is	Why it matters
Identities (Domain / Email address)	Verified send-from authorization objects	Prevents unauthorized sending and enables DKIM setup
Configuration sets	Per-message “policy + telemetry” container	Enables event publishing, tagging, optional tracking features
Email templates	Stored templates for consistent sending	Reduces application logic and improves consistency
Event publishing / destinations	Streams bounce/complaint/delivery events	Enables automation and monitoring
Receipt rule sets (inbound)	Rules for handling inbound mail	Enables email-to-S3/Lambda pipelines
SMTP endpoint & credentials	SMTP interface backed by SES	Easy integration for legacy apps

Service type

Managed AWS service (you do not manage MTAs, scaling, or patching).
Accessed via regional endpoints (send/receive features are Region-scoped; behavior and availability can vary by Region).

Scope (regional/global/account)

Account-scoped within an AWS account.
Regional for most operations (identities, sending endpoints, receipt rules, and configuration sets are typically created/used in a specific Region).
Some controls (like account-level sending limits) apply per account per Region.

How it fits into the AWS ecosystem

Amazon Simple Email Service (Amazon SES) integrates naturally with: – IAM for fine-grained API permissions and SMTP credential derivation – CloudTrail for API auditing – CloudWatch (metrics/alarms) and event publishing destinations for operational visibility – SNS / SQS / Lambda / S3 for inbound processing and event-driven automation – KMS for encryption at rest in related services (S3, SNS, etc.) – Route 53 (optional) for DNS records (verification, DKIM, custom MAIL FROM, DMARC)

3. Why use Amazon Simple Email Service (Amazon SES)?

Business reasons

Faster time-to-market: Send production-grade email without building mail infrastructure.
Brand control: Use your own domains (and align authentication) rather than sending from shared vendor domains.
Scales with growth: Suitable from a small app to high-volume platforms.

Technical reasons

API-first sending: Integrate directly with application code using AWS SDKs.
SMTP compatibility: Integrate with off-the-shelf tools that only know SMTP.
Inbound pipelines: Turn email into structured events (S3 objects, Lambda invocations).

Operational reasons

Managed deliverability plumbing: Bounces, complaints, and reputational signals are handled through the service’s mechanisms.
Event-driven monitoring: Publish events to build dashboards and alerting.
Automation: Use Lambda/SNS/SQS for retry policies, suppression, and ticket creation.

Security/compliance reasons

IAM-based access control: Control who can send, from what identities, and from which environments.
Auditing: Track SES API calls via CloudTrail.
Encryption options: Protect stored inbound mail (S3 + KMS) and secure event streams.

Scalability/performance reasons

Designed for high-throughput sending with rate limits and quotas (increase via requests).
Regional endpoints reduce latency to AWS workloads in the same Region.

When teams should choose it

Choose Amazon Simple Email Service (Amazon SES) when you need: – Transactional email from AWS-hosted applications – Bulk email at predictable operational overhead – Programmatic inbound email processing – Tight integration with AWS IAM, monitoring, and event-driven services

When teams should not choose it

Consider alternatives when: – You need a full marketing automation suite (journeys, segmentation, advanced campaign management). SES is primarily an email infrastructure service; higher-level marketing tooling may live elsewhere (including other AWS services or third parties). – You require on-prem-only connectivity with no public endpoints and cannot meet security requirements (verify private connectivity options in official docs). – You want a turnkey human mailbox/collaboration solution (that’s more like Amazon WorkMail / Microsoft 365 / Google Workspace).

4. Where is Amazon Simple Email Service (Amazon SES) used?

Industries

SaaS and B2B platforms (account verification, billing emails)
E-commerce (receipts, shipping updates, abandon-cart triggers)
FinTech (alerts, statements, verification flows)
Healthcare (appointment reminders—ensure compliance controls)
Media/consumer apps (welcome series, notifications)
Education (enrollment and notification workflows)

Team types

Application development teams (backend and full-stack)
Platform/DevOps/SRE teams (standardized email platform)
Security teams (domain authentication, anti-spoofing)
Data/analytics teams (event streams for deliverability KPIs)
Support operations (inbound email routing)

Workloads

Microservices sending transactional events
Monoliths needing SMTP for legacy components
Serverless workflows (Lambda triggers outbound email)
Multi-tenant SaaS with per-tenant domains or identities

Architectures

Event-driven architectures using SNS/SQS/Lambda for bounce handling
Pipeline-based inbound email (SES → S3 → Lambda → ticketing system)
Multi-account setups using centralized email platforms and cross-account permissions (requires careful IAM design)

Production vs dev/test usage

Dev/test: Use SES sandbox, verified sender/recipient identities, and strict IAM permissions.
Production: Request production access (if required), set up domain authentication (DKIM + SPF alignment via custom MAIL FROM), implement bounce/complaint handling, monitoring, and suppression strategies.

5. Top Use Cases and Scenarios

Below are realistic scenarios where Amazon Simple Email Service (Amazon SES) fits well.

1) Transactional signup verification emails

Problem: You must send verification links quickly and reliably.
Why SES fits: API-driven sending, scalable throughput, event visibility.
Scenario: A SaaS app sends a verification email after user registration; bounces are tracked to prevent repeated sends.

2) Password reset and MFA codes

Problem: Security-critical emails must arrive fast and be monitored.
Why SES fits: Low-latency sending from AWS Regions; event publishing to detect failures.
Scenario: A Lambda function sends password reset links; operations alerts on sudden bounce spikes.

3) Order confirmations and invoices

Problem: Your business must send receipts and invoices with attachments or rich HTML.
Why SES fits: Supports raw email for full MIME control; integrates with AWS SDKs.
Scenario: An order service sends HTML receipts and PDF invoices (MIME) through SES.

4) Bulk product announcements (controlled marketing)

Problem: Send newsletters while managing deliverability and unsubscribes.
Why SES fits: Scales for bulk; event publishing; suppression handling.
Scenario: Weekly newsletter to opted-in users; complaints trigger suppression and internal alerts.

5) Multi-tenant SaaS “send on behalf of” domains

Problem: Each tenant wants mail to come from their own domain.
Why SES fits: Domain identities and IAM scoping can separate tenant configurations.
Scenario: A CRM sends email from tenantA.com and tenantB.com with isolated identities and configuration sets.

6) Application-to-support ticket ingestion (inbound email)

Problem: Support emails need automatic parsing and routing.
Why SES fits: Inbound email receipt rules can store in S3 and trigger Lambda.
Scenario: Emails to support@company.com are stored in S3; Lambda extracts headers/body and creates a ticket in an external system.

7) Bounce/complaint automation to protect reputation

Problem: Repeated sending to invalid addresses damages deliverability.
Why SES fits: Bounce/complaint events can be streamed to automation systems.
Scenario: Bounce notifications go to SNS → SQS → a worker updates the customer DB and stops future mail.

8) Security alerting from AWS workloads

Problem: You need immediate alerts (but not a full paging system).
Why SES fits: Programmatic, low overhead; can use SMTP or API.
Scenario: A security tool sends high-priority alerts to a distribution list; delivery failures are tracked.

9) Reports and scheduled summaries

Problem: Periodic reports must be sent to stakeholders.
Why SES fits: Integrates with scheduled Lambda/Step Functions; templates reduce code.
Scenario: A nightly job sends a KPI summary email using a stored SES template.

10) Environment-separated email for staging vs production

Problem: Avoid accidentally emailing real customers from staging.
Why SES fits: Sandbox + strict IAM + separate identities per environment.
Scenario: Staging SES is restricted to internal recipients; production uses domain identity and higher quotas.

11) Legacy app SMTP relay replacement

Problem: A legacy system only supports SMTP and needs modernization.
Why SES fits: SES SMTP endpoint + SMTP credentials.
Scenario: A Windows app uses SES SMTP instead of an on-prem relay, with IAM-controlled credentials rotation.

12) Centralized outbound email platform for multiple AWS accounts

Problem: Many teams need email, but security wants centralized governance.
Why SES fits: Central account can own identities; other accounts can be granted controlled sending rights (design carefully; verify recommended patterns in official docs).
Scenario: Platform team manages domain identity and config sets; application accounts assume a role with restricted ses:SendEmail.

6. Core Features

This section focuses on widely used, current SES capabilities. Feature availability can vary by Region—verify in official docs where needed.

6.1 Email sending via API (SDK/CLI)

What it does: Send email using AWS SDKs or AWS CLI.
Why it matters: Enables deep application integration, automation, and structured metadata.
Practical benefit: Attach configuration sets/tags for analytics; handle errors programmatically.
Caveats: You must verify identities; sandbox restrictions may apply until production access is granted.

6.2 Email sending via SMTP interface

What it does: Sends email via standard SMTP to an SES SMTP endpoint using SMTP credentials derived from IAM.
Why it matters: Works with legacy apps, email libraries, and tools that support SMTP but not AWS APIs.
Practical benefit: Minimal application changes; reuse existing SMTP-based tooling.
Caveats: SMTP credentials must be protected and rotated; network egress to SES endpoints required.

6.3 Verified identities (domain and email address)

What it does: Proves you control a domain/email address and authorizes SES to send from it.
Why it matters: Prevents spoofing and improves deliverability when combined with authentication.
Practical benefit: Domain identity enables sending from any address in that domain.
Caveats: DNS changes and propagation time for domain verification/DKIM.

6.4 DKIM signing (domain authentication)

What it does: Adds DKIM signatures so recipients can verify messages were authorized by your domain.
Why it matters: Improves deliverability and reduces spoofing risk.
Practical benefit: Many mailbox providers expect DKIM for bulk/transactional sending.
Caveats: Requires publishing DKIM DNS records; record names/values depend on SES-generated tokens.

6.5 Custom MAIL FROM domain (SPF alignment)

What it does: Lets you configure a custom MAIL FROM domain so SPF alignment and bounce handling use your domain instead of a default.
Why it matters: DMARC alignment (SPF/DKIM) is increasingly important.
Practical benefit: Better domain alignment and brand consistency.
Caveats: Requires additional DNS records (MX and SPF). Verify exact record requirements in official docs.

6.6 Email receiving (inbound)

What it does: Receives email for your domains and processes it through receipt rules.
Why it matters: Turns inbound email into automation inputs.
Practical benefit: Store original emails in S3; trigger Lambda for parsing; notify via SNS.
Caveats: Inbound setup requires MX records pointing to SES inbound endpoints for a Region; inbound pricing and limitations apply.

6.7 Configuration sets

What it does: A container to apply event publishing and other per-email settings.
Why it matters: Standardizes telemetry and routing for different email streams (e.g., “password-reset” vs “newsletter”).
Practical benefit: Cleaner analytics and operational separation.
Caveats: Must be referenced in send requests; misconfiguration leads to missing events.

6.8 Event publishing (delivery, bounce, complaint, etc.)

What it does: Publishes sending outcomes to destinations such as SNS or streaming services (destination options depend on API version and Region—verify).
Why it matters: Required for automated suppression, alerting, and deliverability monitoring.
Practical benefit: Build dashboards and automated workflows based on delivery events.
Caveats: Event delivery is typically near-real-time but not guaranteed; design idempotent processing.

6.9 Suppression list management

What it does: Helps prevent sending to addresses associated with bounces/complaints.
Why it matters: Protects sender reputation and reduces waste.
Practical benefit: Avoid repeated sends to known-bad addresses.
Caveats: Understand the difference between account-level suppression and any provider-managed suppression behavior; verify current behavior in docs.

6.10 Dedicated IP options (where available)

What it does: Allows sending from dedicated IP addresses instead of shared pools (naming/offerings can vary—verify).
Why it matters: Gives more direct control over reputation for high-volume senders.
Practical benefit: Reduce “noisy neighbor” risk when sending at scale.
Caveats: Additional cost; you must manage warm-up and reputation practices.

6.11 Email templates

What it does: Store subject/body templates and render them with dynamic data.
Why it matters: Reduces duplicated email formatting code across services.
Practical benefit: Consistent branding and safer updates.
Caveats: Template features differ between API versions; confirm template limits and rendering behavior.

6.12 Sending limits, quotas, and sandbox

What it does: Controls daily send quota and per-second throughput; sandbox restricts recipients.
Why it matters: Prevent abuse and protect service reputation.
Practical benefit: Clear operational boundaries; upgrade path to production.
Caveats: You may need to request limit increases and production access.

7. Architecture and How It Works

High-level architecture

At a high level: 1. You verify an identity (domain or email). 2. Your application sends email via SES API or SMTP. 3. SES attempts delivery and generates events (delivery/bounce/complaint/reject). 4. Events are published to destinations for monitoring and automation. 5. For inbound email, SES receives mail and applies receipt rules to store/process it.

Request/data/control flow

Control plane: Identity verification, DKIM setup, configuration sets, receipt rules, quotas—managed via console/API and audited in CloudTrail.
Data plane: The actual email send/receive operations and event streams.

Integrations with related AWS services

Common patterns: – SNS/SQS/Lambda for bounce/complaint handling workflows – S3 + Lambda for inbound email processing and archiving – CloudWatch for metrics and alarms (and/or event pipeline metrics downstream) – KMS to encrypt S3 objects and SNS topics – Event-driven automation using Lambda/Step Functions triggered by notifications (design depends on event destination support)

Dependency services (typical)

Route 53 (or any DNS provider) to publish verification/DKIM/MAIL FROM/DMARC records
IAM for send permissions and SMTP credentials
CloudTrail for audit
Optional: SNS/SQS/Lambda/S3/CloudWatch

Security/authentication model

API sending: SigV4-signed requests using IAM principal permissions (ses:SendEmail, etc.).
SMTP sending: SMTP credentials generated from IAM (treated as secrets); network path uses TLS-capable SMTP endpoints.
Identity authorization: You can only send from verified identities (and in sandbox, typically only to verified recipients).

Networking model

SES is accessed through regional service endpoints over the network (HTTPS for API; SMTP for SMTP interface).
Your applications may run in VPCs, but SES itself is a managed service; ensure outbound network access to SES endpoints.
If you require private connectivity patterns, verify in official docs whether AWS PrivateLink/VPC endpoints are supported for your specific SES interfaces and Regions.

Monitoring/logging/governance considerations

CloudTrail: Track configuration and sending API usage for auditing.
CloudWatch: Monitor metrics and alarms (e.g., bounce rate thresholds).
Event pipelines: Store SES sending events centrally (S3/data lake) to analyze trends.
Tagging: Apply consistent tags to configuration sets and resources where supported; also use message tags for analytics.

Simple architecture diagram (Mermaid)

flowchart LR
  App[Application on AWS] -->|SendEmail API / SMTP| SES[Amazon Simple Email Service (Amazon SES)]
  SES -->|Delivery/Bounce/Complaint Events| SNS[Amazon SNS Topic]
  SNS --> Ops[Ops Email / SQS / Lambda Consumer]

Production-style architecture diagram (Mermaid)

flowchart TB
  subgraph DNS[DNS Provider / Route 53]
    DKIM[DKIM Records]
    SPF[SPF + MAIL FROM Records]
    DMARC[DMARC Policy Record]
  end

  subgraph AWS[AWS Account]
    App[Microservices / Lambda]
    SES[Amazon Simple Email Service (Amazon SES)]
    SNS[Amazon SNS]
    SQS[Amazon SQS]
    Worker[Lambda / Container Worker]
    CW[Amazon CloudWatch Alarms]
    CT[CloudTrail]
    S3[S3 (Event Archive / Inbound Mail)]
    KMS[AWS KMS]
  end

  DNS --> SES

  App -->|IAM-auth SendEmail + config set| SES
  SES -->|Events| SNS
  SNS --> SQS
  SQS --> Worker
  Worker -->|Update CRM / Suppression / Ticketing| App

  SES -->|Metrics| CW
  SES -->|API audit| CT

  SES -->|Inbound mail (optional)| S3
  S3 -->|trigger| Worker
  KMS --- S3

8. Prerequisites

Before starting, ensure the following.

AWS account requirements

An active AWS account with billing enabled.
Access to an AWS Region where Amazon Simple Email Service (Amazon SES) is available. (Region availability can vary—verify in official docs.)

Permissions / IAM

Minimum recommended for the hands-on lab: – Permission to manage SES identities and send emails. – Permission to create and manage an SNS topic and subscription (for event publishing demo). – Permission to view CloudWatch metrics and CloudTrail logs (optional but recommended).

Example IAM permissions you may need (scope down in real environments): – ses:CreateEmailIdentity, ses:DeleteEmailIdentity, ses:GetEmailIdentity – ses:SendEmail (and optionally ses:SendRawEmail if you send MIME) – ses:CreateConfigurationSet, ses:DeleteConfigurationSet – ses:CreateConfigurationSetEventDestination, ses:DeleteConfigurationSetEventDestination – sns:CreateTopic, sns:Subscribe, sns:SetTopicAttributes, sns:Publish, sns:DeleteTopic – cloudwatch:GetMetricData, cloudwatch:ListMetrics (optional) – cloudtrail:LookupEvents (optional)

Billing requirements

SES and SNS are usage-based. Even small labs can incur small charges.
You are responsible for any costs from SNS delivery, S3 storage, Lambda invocations, and data transfer.

CLI/SDK/tools needed

AWS CLI v2 (recommended)
One of:
A terminal environment with network access to AWS endpoints
Or AWS CloudShell
Optional: Python 3 + boto3 for SDK examples

Quotas/limits to understand

SES sandbox: often restricts sending to verified identities only and limits throughput until you request production access.
Sending quotas: daily/second rate vary per account and Region and can be increased via request.

Prerequisite services

For this tutorial lab: – Amazon SES – Amazon SNS – (Optional) Route 53 / DNS provider if you do domain verification (the lab below uses email identity to keep it beginner-friendly and low-risk)

9. Pricing / Cost

Amazon Simple Email Service (Amazon SES) pricing is usage-based and varies by Region. Always reference the official pricing page for the Region you use.

Official pricing page: https://aws.amazon.com/ses/pricing/
AWS Pricing Calculator: https://calculator.aws/#/

Pricing dimensions (typical)

Costs can include: – Emails sent (outbound) — priced per number of messages. – Data/size — some pricing models account for message size/attachments. – Emails received (inbound) — priced per message received, plus downstream processing/storage. – Dedicated IP / advanced deliverability features — if you enable add-ons or dedicated IP options, these usually have recurring charges (verify current offerings and names in your Region). – Downstream services: – SNS notifications (requests/deliveries) – S3 storage for inbound email or event archives – Lambda invocations for processing – KMS requests for encryption – CloudWatch metrics/alarms (depending on usage)

Free tier (if applicable)

AWS has historically offered a free tier for a certain number of emails sent when triggered from specific AWS compute (for example, from Amazon EC2). Free tier rules can change and may be Region-dependent—verify current eligibility on the official pricing page.

Cost drivers (what makes bills grow)

High outbound volume (newsletters, product updates, notifications)
Large attachments / heavy MIME emails
High inbound volume (support mailboxes receiving many messages)
Event publishing pipelines storing every event long-term (S3 storage + processing)
Dedicated IP usage and deliverability add-ons

Hidden or indirect costs

Data transfer: If your app runs outside AWS or in a different Region, network egress/ingress charges may apply.
SNS to HTTP(S) deliveries, SQS polling, Lambda runtime costs.
Long retention of inbound emails in S3, plus KMS request costs for encrypted objects.
Operational overhead: time spent maintaining suppression logic, compliance, and monitoring.

How to optimize cost

Use templates to reduce retries caused by formatting errors.
Track bounces/complaints and suppress bad addresses quickly.
Avoid sending large attachments where possible; use download links to S3 (with signed URLs) instead.
Store raw inbound emails only as long as needed; apply S3 lifecycle policies.
Use configuration sets and tags to attribute costs by team/app.

Example low-cost starter estimate (no fabricated numbers)

For a small dev environment: – Outbound: a few hundred transactional emails/month – Inbound: none – Event publishing: minimal Your cost is generally dominated by “per email” charges (if any after free tier) plus negligible SNS costs.

A simple way to estimate: – monthly_cost ≈ (emails_sent × price_per_email) + (events_published × destination_costs)

Use the AWS Pricing Calculator to model: – expected number of outbound messages – expected average message size (if relevant) – whether you will receive inbound mail – downstream services (SNS/S3/Lambda)

Example production cost considerations

For a production Business applications platform: – Separate cost centers for transactional vs bulk streams (different configuration sets) – Add cost for: – event pipelines (SNS/SQS/Lambda) – analytics storage (S3, Athena) – dedicated IP or deliverability features (if enabled) – Build dashboards to track: – cost per email stream – bounce/complaint rate (reducing these reduces wasted spend)

10. Step-by-Step Hands-On Tutorial

This lab is designed to be beginner-friendly, executable, and low-risk. It uses the SES sandbox-friendly path: verify email identities and send between them.

If you want to send to unverified recipients, you typically must request production access / move out of sandbox for your Region. The exact process can change—follow the SES console guidance and AWS documentation.

Objective

Verify an email identity in Amazon Simple Email Service (Amazon SES)
Create an SNS topic and configure SES event publishing via a configuration set
Send a test email using AWS CLI (SES v2)
Validate delivery signals
Clean up resources to avoid ongoing cost

Lab Overview

You will create: – SES Email identity (sender) – SNS topic + email subscription (to view SES events) – SES configuration set + event destination to SNS – A test send using AWS CLI

Expected outcome: You successfully send an email through Amazon Simple Email Service (Amazon SES) and (optionally) receive SES event notifications via SNS.

Step 1: Choose a Region and prepare variables

Pick a single AWS Region and stick to it for the entire lab.

Confirm your AWS CLI identity:

aws sts get-caller-identity

Set environment variables (replace values):

export AWS_REGION="us-east-1"     # choose your Region
export SENDER_EMAIL="sender@example.com"
export RECIPIENT_EMAIL="recipient@example.com"
export SES_CONFIG_SET="ses-lab-configset"
export SES_EVENT_DEST="ses-lab-sns-dest"
export SNS_TOPIC_NAME="ses-lab-events"

Expected outcome: Your CLI is authenticated and you have a Region selected.

Step 2: Verify the sender (and recipient) email identities

In SES sandbox, you commonly need both sender and recipient verified.

Option A (Console): verify email address

Open SES console in your Region: – https://console.aws.amazon.com/ses/
Go to Identities.
Choose Create identity → Email address.
Enter SENDER_EMAIL and create.
Repeat for RECIPIENT_EMAIL.

SES will send verification emails; click the verification links.

Option B (CLI): create email identity (still requires clicking email link)

aws sesv2 create-email-identity \
  --region "$AWS_REGION" \
  --email-identity "$SENDER_EMAIL"

Repeat for recipient:

aws sesv2 create-email-identity \
  --region "$AWS_REGION" \
  --email-identity "$RECIPIENT_EMAIL"

Verify status (CLI):

aws sesv2 get-email-identity \
  --region "$AWS_REGION" \
  --email-identity "$SENDER_EMAIL"

Look for fields indicating verification status.

Expected outcome: Both email identities show as verified in the SES console (or via API response), after you click the verification links.

Common pitfall: If you skip verification, sending will fail with an error similar to “Email address is not verified”.

Step 3: Create an SNS topic and email subscription for events

Create SNS topic:

SNS_TOPIC_ARN=$(
  aws sns create-topic \
    --region "$AWS_REGION" \
    --name "$SNS_TOPIC_NAME" \
    --query 'TopicArn' --output text
)
echo "$SNS_TOPIC_ARN"

Subscribe your email (you can use RECIPIENT_EMAIL or another inbox you control):

aws sns subscribe \
  --region "$AWS_REGION" \
  --topic-arn "$SNS_TOPIC_ARN" \
  --protocol email \
  --notification-endpoint "$RECIPIENT_EMAIL"

Confirm the SNS subscription: – Check your inbox for an SNS confirmation email. – Click Confirm subscription.

Expected outcome: SNS subscription shows as confirmed in the SNS console.

Why this matters: SES will publish events to SNS; SNS will forward them to your email subscription.

Step 4: Create an SES configuration set

Configuration sets help you attach telemetry and routing to your sends.

aws sesv2 create-configuration-set \
  --region "$AWS_REGION" \
  --configuration-set-name "$SES_CONFIG_SET"

Expected outcome: The configuration set exists and is visible in SES console under configuration sets.

Step 5: Attach an SES event destination (SNS) to the configuration set

Create an event destination that publishes selected SES events to your SNS topic.

aws sesv2 create-configuration-set-event-destination \
  --region "$AWS_REGION" \
  --configuration-set-name "$SES_CONFIG_SET" \
  --event-destination-name "$SES_EVENT_DEST" \
  --event-destination "{
    \"Enabled\": true,
    \"MatchingEventTypes\": [\"SEND\",\"DELIVERY\",\"BOUNCE\",\"COMPLAINT\",\"REJECT\"],
    \"SnsDestination\": {\"TopicArn\": \"$SNS_TOPIC_ARN\"}
  }"

Expected outcome: Event destination is created. SES will publish those event types to SNS for emails sent with this configuration set.

Note: Event type names and availability can vary by SES API version and Region. If this command fails with validation errors, check the SES v2 documentation for the valid event types for your Region.

Step 6: Send a test email using SES v2 (AWS CLI)

Send an email from the verified sender to the verified recipient, attaching the configuration set.

aws sesv2 send-email \
  --region "$AWS_REGION" \
  --from-email-address "$SENDER_EMAIL" \
  --destination "ToAddresses=$RECIPIENT_EMAIL" \
  --content "Simple={
    Subject={Data='SES Lab: Test Email',Charset='UTF-8'},
    Body={Text={Data='Hello from Amazon Simple Email Service (Amazon SES)!',Charset='UTF-8'}}
  }" \
  --configuration-set-name "$SES_CONFIG_SET"

Expected outcome: – The CLI returns a MessageId. – You receive the email in the recipient inbox (may take a short time). – You may also receive SNS event notifications (SEND/DELIVERY, etc.) in the subscribed inbox.

Step 7: Validate results

Validation A: Confirm the email was received

Check recipient mailbox.
Check spam/junk folder if it doesn’t appear quickly.

Validation B: Check SES sending statistics (Console)

SES console → Sending statistics (or equivalent in your console view)
Confirm your send attempt is reflected.

Validation C: Confirm SNS notifications arrived

Check the subscribed email inbox for SNS messages.
You should see structured event JSON (or a formatted notification depending on SNS email delivery).

Expected outcome: At least one event (typically SEND and/or DELIVERY) appears.

Troubleshooting

Common issues and fixes:

MessageRejected / “Email address not verified” – Cause: Sender or recipient not verified (in sandbox). – Fix: Verify both identities; ensure you are using the same Region.
No SNS notifications – Cause: SNS email subscription not confirmed, or configuration set not attached to send request. – Fix: Confirm subscription; ensure --configuration-set-name is included.
Wrong Region – Cause: Identities and configuration sets are typically Region-scoped. – Fix: Ensure SES identity, configuration set, SNS topic, and send command are all in the same Region.
Throttling / rate exceeded – Cause: Account sending rate limits. – Fix: Retry with backoff; request quota increases if needed.
Delivered but landing in spam – Cause: Missing domain authentication or poor content/link reputation. – Fix: For production: use domain identity + DKIM + DMARC policy alignment; avoid spam-like content; monitor complaints.

Cleanup

To avoid ongoing costs and reduce clutter, delete what you created.

Delete event destination:

aws sesv2 delete-configuration-set-event-destination \
  --region "$AWS_REGION" \
  --configuration-set-name "$SES_CONFIG_SET" \
  --event-destination-name "$SES_EVENT_DEST"

Delete configuration set:

aws sesv2 delete-configuration-set \
  --region "$AWS_REGION" \
  --configuration-set-name "$SES_CONFIG_SET"

Delete SES email identities:

aws sesv2 delete-email-identity \
  --region "$AWS_REGION" \
  --email-identity "$SENDER_EMAIL"

aws sesv2 delete-email-identity \
  --region "$AWS_REGION" \
  --email-identity "$RECIPIENT_EMAIL"

Delete SNS topic (this removes subscriptions too):

aws sns delete-topic \
  --region "$AWS_REGION" \
  --topic-arn "$SNS_TOPIC_ARN"

Expected outcome: Resources are deleted and you stop incurring any ongoing charges related to SNS topic usage.

11. Best Practices

Architecture best practices

Separate email streams: Use different configuration sets for transactional vs bulk to isolate monitoring and reputation signals.
Design for idempotency: Bounce/complaint event processing should be idempotent (duplicate events can happen).
Centralize governance: In multi-account environments, standardize domain identities, DKIM, and event handling.

IAM/security best practices

Least privilege: Restrict ses:SendEmail permissions to specific identities and configuration sets where feasible.
Separate roles per environment: Dev/stage/prod should have distinct identities and permissions.
Protect SMTP credentials: Store them in AWS Secrets Manager; rotate regularly; restrict who can read them.

Cost best practices

Suppress quickly: Remove or suppress addresses that bounce/complain to reduce waste.
Avoid large attachments: Use links to downloads rather than embedding large files.
Use S3 lifecycle policies for inbound email archives and event data.

Performance best practices

Batch thoughtfully: For bulk mail, control concurrency and handle SES throttling with exponential backoff.
Prefer API for structured metadata: Use message tags/config sets for analytics and routing.

Reliability best practices

Retries with backoff: Handle transient errors and throttling.
Multi-Region strategy (if needed): For critical notifications, consider a multi-Region failover approach (this requires duplicated identities/config and careful DNS/auth planning—verify feasibility in official docs).
Monitor bounce/complaint rates: Sudden spikes can indicate list quality issues or abuse.

Operations best practices

Event-driven monitoring: Stream events to an ops pipeline and alert on anomalies.
Runbooks: Document how to respond to reputation drops, bounces, and complaints.
Change control: DNS/authentication changes (DKIM/MAIL FROM/DMARC) should be reviewed and tracked.

Governance/tagging/naming best practices

Name configuration sets clearly: prod-transactional, prod-bulk, staging-test.
Use message tags (where supported) for app, environment, email_type, tenant_id.
Resource tagging: Tag SNS topics, SQS queues, and S3 buckets used for SES pipelines.

12. Security Considerations

Identity and access model

Use IAM policies to restrict who can:
send emails
create/modify identities
manage configuration sets and event destinations
Avoid giving application code broad SES admin permissions.

Encryption

In transit: Use TLS for SMTP; HTTPS for API calls.
At rest: SES itself is managed, but you control encryption for:
SNS topics (server-side encryption where supported)
S3 buckets storing inbound emails (SSE-S3 or SSE-KMS)
Logs and event archives

Network exposure

SES endpoints are typically accessed over the network from your workloads.
Control outbound traffic with egress controls, and restrict where SMTP/API calls can originate.
If private connectivity is required, verify official guidance on supported endpoint types for SES in your Region.

Secrets handling

Treat SMTP credentials as sensitive secrets:
store in AWS Secrets Manager or Parameter Store (SecureString)
rotate and restrict access via IAM
Do not hard-code credentials in code repositories.

Audit/logging

Enable and monitor CloudTrail for SES and SNS actions.
Log application-level send requests and store message IDs for correlation (avoid logging sensitive message content).

Compliance considerations

Email can contain personal data. For regulated workloads:
implement data minimization
control retention of inbound emails in S3
ensure encryption, access logging, and least privilege
DMARC policies help reduce spoofing of your domain, which is a security and brand protection control.

Common security mistakes

Allowing broad ses:* to application roles
Not setting up DKIM/DMARC and suffering spoofing or deliverability issues
Storing SMTP credentials in plain text or in container images
Sending sensitive content without considering mailbox retention and forwarding risks

Secure deployment recommendations

Use domain identity + DKIM for production.
Implement automated suppression based on bounce/complaint events.
Use separate subdomains for different mail streams (e.g., notify.example.com vs news.example.com) when appropriate, and align authentication.

13. Limitations and Gotchas

Be aware of these common constraints (exact values vary by Region/account and change over time).

Known limitations / quotas

Sandbox restrictions: Often requires verifying both sender and recipient identities.
Sending quotas: Daily and per-second limits are enforced per Region.
API limits: Throttling can occur; design retries and backoff.

Regional constraints

Not every SES feature is available in every Region.
Inbound receiving endpoints and features may vary—verify Region support before committing to an architecture.

Pricing surprises

Event pipelines can generate large volumes:
SNS notifications
SQS storage and processing
S3 archives and analytics scans
Inbound email storage + retention can grow over time without lifecycle policies.

Compatibility issues

Some legacy systems may require specific SMTP ports or TLS configurations; ensure your network allows outbound connections to the SES SMTP endpoint.

Operational gotchas

DNS propagation delays: DKIM/verification records can take time.
Spam folder delivery: “Delivered” does not guarantee inbox placement.
Reputation management: Poor list hygiene can lead to elevated bounces/complaints and reduced deliverability.

Migration challenges

Migrating from another provider requires careful:
domain authentication parity (DKIM alignment)
IP warm-up (if using dedicated IP)
monitoring and suppression logic
Cutover planning should include phased traffic shifting and deliverability comparisons.

Vendor-specific nuances

SES is an infrastructure service; for advanced marketing workflows you may need additional tooling.

14. Comparison with Alternatives

Amazon SES competes with other AWS messaging services and third-party email providers. Your choice depends on whether you need raw email infrastructure, multi-channel marketing, or simple notifications.

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
Amazon Simple Email Service (Amazon SES)	Transactional and bulk email, inbound email pipelines	AWS-native IAM, API+SMTP, event publishing, inbound rules	Marketing automation features are limited compared to dedicated platforms	You want email infrastructure tightly integrated with AWS and programmable pipelines
Amazon SNS (email notifications)	Simple alerts to a few recipients	Very simple pub/sub, fast setup	Limited email formatting/control, not designed for deliverability analytics	You need basic notifications, not a full email platform
Amazon Pinpoint (AWS)	Multi-channel customer engagement (email/SMS/push)	Campaigns/segmentation/journeys (verify current scope)	Different focus; may add complexity if you only need SMTP/API sending	You need marketing engagement tooling beyond email infrastructure
Amazon WorkMail	Human email mailboxes and calendars	Managed mailboxes, user productivity	Not for application bulk/transactional sending	You need corporate mailboxes, not app-driven email
Twilio SendGrid / Mailgun / Postmark	SaaS email delivery platforms	Mature deliverability tooling, dashboards, templates	External vendor, different IAM model, data residency considerations	You want a specialized email SaaS and accept vendor integration
Azure Communication Services – Email	Email sending for Azure-hosted apps	Azure-native integration	Not AWS-native; cross-cloud complexity	Your stack is primarily Azure-based
Google (email delivery options)	Apps on Google Cloud	GCP integration	Cross-cloud complexity	Your stack is primarily GCP-based
Self-managed Postfix/Exim + inbound processing	Full control, custom policies	Maximum control, on-prem capable	High operational burden, deliverability challenges	You must self-host for strict constraints and accept the ops cost

15. Real-World Example

Enterprise example: Financial services transactional communications

Problem: A financial services portal must send secure transactional emails (login alerts, statements available notifications) with strong auditing and deliverability monitoring.
Proposed architecture:
Domain identity with DKIM and DMARC policy (p=quarantine/p=reject after validation)
Separate configuration sets for:
- security alerts
- statements notifications
- customer support notifications
Event publishing to SNS → SQS → processing service that:
- writes delivery events to a data lake (S3)
- updates customer contact status (suppress repeated bounces)
CloudWatch alarms on bounce/complaint rates and send failures
CloudTrail monitoring for unauthorized configuration changes
Why Amazon Simple Email Service (Amazon SES) was chosen:
AWS-native security (IAM/CloudTrail)
Strong integration with existing AWS workloads
Clear separation of streams and operational telemetry
Expected outcomes:
Reduced email operational overhead
Better incident response via event-driven monitoring
Improved compliance posture through auditing and encryption of stored data

Startup/small-team example: SaaS onboarding and password resets

Problem: A small SaaS needs reliable onboarding and password reset emails without running mail servers.
Proposed architecture:
Start in SES sandbox in dev
Verify domain identity for production
Use a single configuration set with SNS event publishing
Lambda consumer updates a simple suppression table on bounces/complaints
Why Amazon Simple Email Service (Amazon SES) was chosen:
Low operational burden
Easy SDK integration
Ability to grow into more advanced monitoring as volume increases
Expected outcomes:
Faster onboarding email delivery
Fewer support tickets caused by missing password reset emails
Clear visibility into bounce/complaint issues

16. FAQ

1) Is Amazon Simple Email Service (Amazon SES) only for bulk email?

No. SES is widely used for transactional email (verification, password resets) and also supports bulk sending. Many teams use separate configuration sets and subdomains to separate streams.

2) What’s the difference between SES API and SMTP?

API: Better for programmatic control, metadata, and AWS-native auth (IAM).
SMTP: Best for legacy apps/tools already built around SMTP.

3) Why do I need to “verify” an identity?

Verification proves you control the email address or domain and authorizes SES to send from it, reducing abuse and improving trust.

4) What is the SES sandbox?

A restricted mode typically applied to new SES accounts/Regions. Commonly, you can only send from and to verified identities and you have low quotas. Move to production by following AWS’s process (verify in official docs).

5) Do I need DKIM?

For production sending, DKIM is strongly recommended. It improves authentication and deliverability and supports DMARC alignment.

6) Does SES set up DMARC for me?

No. DMARC is a DNS policy record you publish at your domain. SES helps with DKIM and can support SPF alignment via MAIL FROM configuration, but DMARC is your responsibility.

7) Can I receive emails with SES?

Yes, SES supports inbound email receiving in supported Regions using receipt rules that can store messages in S3, invoke Lambda, or notify SNS (verify current options in your Region).

8) How do I handle bounces and complaints?

Enable event publishing (via configuration sets) and process bounce/complaint events to suppress addresses and alert operations.

9) Can I send attachments?

Yes, typically by using raw/MIME sending APIs (for example, SendRawEmail or SES v2 equivalents). Attachments increase message size and can increase cost and spam risk.

10) How do I prevent staging environments from emailing real customers?

Use separate AWS accounts or separate SES identities and IAM policies. Keep staging in sandbox and only verify internal recipients.

11) Can multiple applications share one SES domain identity?

Yes, but implement governance: – restrict who can send from which identities – separate configuration sets – centralize bounce/complaint processing

12) Does SES guarantee inbox placement?

No. SES attempts delivery to the recipient mail system, but inbox placement depends on reputation, authentication, content, and recipient rules.

13) What are configuration sets used for?

They attach telemetry and routing (event destinations) to sends and help you organize monitoring and analytics by email stream.

14) How do I estimate SES cost?

Use the AWS Pricing Calculator and model: – outbound volume – average size – inbound volume (if applicable) – downstream services like SNS, S3, Lambda

15) Can SES be used outside AWS (from on-prem or another cloud)?

Yes, you can call SES public endpoints from anywhere that can reach AWS endpoints, subject to your security requirements and network policy.

16) How do I rotate SMTP credentials?

SMTP credentials are derived from IAM credentials; rotate by generating new SMTP credentials (per AWS process) and updating your secret store. Prefer Secrets Manager and automation.

17) Should I use a subdomain for email (e.g., `mail.example.com`)?

Often yes. Many organizations use subdomains to isolate reputation and simplify DNS/authentication management, especially when separating transactional vs marketing streams.

17. Top Online Resources to Learn Amazon Simple Email Service (Amazon SES)

Resource Type	Name	Why It Is Useful
Official documentation	Amazon SES Developer Guide	Core concepts, sending/receiving, identities, DKIM, limits: https://docs.aws.amazon.com/ses/
Official API reference	Amazon SES API v2 Reference	Precise request/response shapes for CLI/SDK usage: https://docs.aws.amazon.com/ses/latest/APIReference-V2/
Official pricing	Amazon SES Pricing	Region-specific pricing dimensions: https://aws.amazon.com/ses/pricing/
Cost estimation	AWS Pricing Calculator	Build scenario-based estimates: https://calculator.aws/#/
Official console	Amazon SES Console	Manage identities, configuration sets, and monitoring: https://console.aws.amazon.com/ses/
Deliverability guidance	AWS SES Best Practices (official docs section)	Authentication, list hygiene, bounce/complaint handling (find within SES docs): https://docs.aws.amazon.com/ses/
Official IAM reference	SES IAM Actions/Resources/Condition Keys	Design least-privilege policies: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonses.html
Official security logging	AWS CloudTrail User Guide	Audit SES changes and sends: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/
Official SNS docs	Amazon SNS Developer Guide	Event destinations and notification handling: https://docs.aws.amazon.com/sns/latest/dg/
SDK examples	AWS SDKs and Tools	Language-specific email sending examples: https://aws.amazon.com/developer/tools/
Official samples (GitHub)	AWS Samples on GitHub (search SES)	Practical reference implementations (verify repository trust): https://github.com/aws-samples

18. Training and Certification Providers

The following providers may offer training related to AWS, DevOps, and cloud operations that can include Amazon Simple Email Service (Amazon SES). Verify current course availability and delivery mode on each website.

Institute	Suitable Audience	Likely Learning Focus	Mode	Website URL
DevOpsSchool.com	Beginners to professionals	AWS/DevOps foundations, cloud operations practices	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Developers, DevOps learners	DevOps, CI/CD, cloud tooling	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud ops and platform teams	Cloud operations, automation, monitoring	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, operations engineers	Reliability engineering, monitoring, incident response	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops and platform teams	AIOps concepts, monitoring automation	Check website	https://www.aiopsschool.com/

19. Top Trainers

These sites appear to provide trainer profiles, training services, or related resources. Verify current offerings directly.

Platform/Site	Likely Specialization	Suitable Audience	Website URL
RajeshKumar.xyz	DevOps/AWS guidance (verify scope)	Beginners to intermediate engineers	https://rajeshkumar.xyz/
devopstrainer.in	DevOps training resources	DevOps engineers, SREs	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance DevOps help/training resources	Teams needing short-term expertise	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and enablement resources	Operations teams, platform teams	https://www.devopssupport.in/

20. Top Consulting Companies

These organizations may provide consulting relevant to AWS and email platform implementations. Descriptions are general; confirm capabilities and service details directly.

Company	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website URL
cotocus.com	Cloud/DevOps consulting (verify exact scope)	Architecture, migration, operations	SES sending architecture review; event pipeline design; IAM hardening	https://cotocus.com/
DevOpsSchool.com	DevOps and cloud consulting/training	Platform enablement, best practices	Implement SES domain authentication; CI/CD for infrastructure; monitoring & runbooks	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting services (verify scope)	DevOps processes, automation	Build SES bounce processing with SNS/SQS; secure SMTP credential management	https://devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Amazon Simple Email Service (Amazon SES)

Email fundamentals:
SMTP basics, MIME structure
SPF/DKIM/DMARC concepts
Bounce vs complaint vs reject
AWS fundamentals:
IAM users/roles/policies
CloudTrail basics
SNS/SQS/Lambda basics for event-driven design
DNS basics:
TXT/CNAME/MX records
TTL and propagation

What to learn after Amazon Simple Email Service (Amazon SES)

Deliverability engineering:
list hygiene, engagement signals, segmentation
content and link reputation
Observability and data:
storing events in S3, querying with Athena
dashboards and alerting for email KPIs
Security and compliance:
encryption patterns, retention, auditing
incident response for spoofing and abuse

Job roles that use it

Cloud Engineer / DevOps Engineer
Solutions Architect
Backend Engineer
SRE / Operations Engineer
Security Engineer (domain protection, IAM governance)

Certification path (AWS)

SES is typically covered as part of broader AWS knowledge rather than a standalone certification. Relevant AWS certifications to consider: – AWS Certified Cloud Practitioner (foundational) – AWS Certified Solutions Architect – Associate/Professional – AWS Certified Developer – Associate – AWS Certified SysOps Administrator – Associate Always verify current certification outlines on the AWS Training and Certification site.

Project ideas for practice

Build a transactional email microservice with SES API + templates.
Implement bounce/complaint handling: SES → SNS → SQS → Lambda updates a DynamoDB suppression table.
Create an inbound email parser: SES inbound → S3 → Lambda extracts attachments and metadata.
Add governance: least-privilege IAM policies scoped to identities and configuration sets.
Build a deliverability dashboard: store events in S3 and query with Athena.

22. Glossary

Amazon Simple Email Service (Amazon SES): AWS managed service for sending and receiving email.
Identity: A verified domain or email address authorized to send mail via SES.
DKIM (DomainKeys Identified Mail): Cryptographic email authentication using DNS-published public keys.
SPF (Sender Policy Framework): DNS-based policy indicating which servers can send mail for a domain.
DMARC: Policy that tells receivers how to handle messages failing SPF/DKIM and provides reporting.
MAIL FROM domain: Envelope sender domain used in SMTP; configuring it can improve SPF alignment.
Configuration set: SES resource attached to outbound emails to control telemetry and event publishing.
Event destination: Target integration (e.g., SNS) where SES publishes sending events.
Bounce: Delivery failure (often invalid address or mailbox full).
Complaint: Recipient marks your email as spam; a strong negative signal.
Suppression list: List of addresses you should not send to due to bounces/complaints.
SMTP: Protocol used to send email between servers and from clients to servers.
MIME: Standard defining email body structure (text/HTML/attachments).
CloudTrail: AWS service logging API activity for audit and governance.
SNS (Simple Notification Service): Pub/sub messaging service used for notifications and fanout.
SQS (Simple Queue Service): Message queue used to buffer and reliably process events.
S3 (Simple Storage Service): Object storage often used to store inbound mail and event archives.

23. Summary

Amazon Simple Email Service (Amazon SES) is AWS’s managed email platform for sending and receiving email—a foundational building block for Business applications that need reliable transactional messaging, scalable bulk sends, and inbound email automation.

It matters because it replaces fragile self-managed mail infrastructure with an AWS-integrated service using IAM for access control, DNS-based authentication (DKIM/SPF/DMARC alignment) for deliverability and brand protection, and event publishing for operational monitoring and automated suppression.

From a cost perspective, SES is usage-based; your biggest cost drivers are outbound volume, inbound volume, event pipelines, storage/retention, and any dedicated IP/deliverability add-ons (verify current offerings and prices by Region). From a security perspective, prioritize least-privilege IAM, secret management for SMTP credentials, CloudTrail auditing, and strong domain authentication.

Use Amazon Simple Email Service (Amazon SES) when you need AWS-native, programmatic email infrastructure. Next, deepen your skills by implementing bounce/complaint automation and building a monitoring dashboard using SES events plus SNS/SQS and CloudWatch.

Category