1. Home
  2. Training Library
  3. Amazon Web Services
  4. Courses
  5. AWS Solutions Architect Associate Level Certification Course: Part 3 of 3

SES: Simple Email Service

Start course
1h 10m

AWS Solutions Architect Associate Level Certification Course - Part 3 of 3

Having completed parts one and two of our AWS certification series, you should now be familiar with basic AWS services and some of the workings of AWS networking. This final course in our three-part certification exam preparation series focuses on data management and application and services deployment.

Who should take this course?

This is an advanced course that's aimed at people who already have some experience with AWS and a familiarity with the general principles of architecting cloud solutions.

Where will you go from here?

The self-testing quizzes of the AWS Solutions Architect Associate Level prep materialis a great follow up to this series...and a pretty good indicator of your readiness to take the AWS exam. Also, since you're studying for the AWS certification, check out our AWS Certifications Study Guide on our blog.


There are all kinds of reasons your company might want to send out lots of emails. Perhaps you want to automate purchase confirmation notifications to your customers or redirect data generated on an EC2 Instance to a group of recipients who have subscribed to it. Maybe you've got a regular newspaper you'd like to push to a list of eager readers. In any case, setting up a robust and reliable outgoing mail service can be complicated, time consuming and sometimes quite expensive.

Because of the ongoing battle against spam, tweaking your service so that your emails aren't treated with suspicion by recipient systems and subsequently filtered or blocked can be a particularly tricky hit and miss effort. And earning the trust of ISPs is not a quick process.

Building a successful email service involves examining and controlling the content, timing and volume of your outgoing emails. To keep track of email delivery failures, like non-existent recipient addressees or complaints, emails that trigger spam alerts, you'll have to set up feedback loops for individual ISPs.

And all that's besides the actual mechanics of SMPT configuration. Because of its market position, design and experience, AWS's SES can do all that for you, plus provide SNS integrated notifications and real-time access to your delivery metrics. While SES pricing is very competitive, it isn't free. Having said that, up to 62,000 messages per month to any recipient when Amazon SES is called from an Amazon EC2 Instance or through AWS Elastic Beanstalk, are considered part of the free tier.

And that's besides their new customer free usage tier discounts. Note, data transfer beyond one gigabyte per month an attachment fees still apply. Beyond that, email messages are charged at 10 cents per 1,000. Data transfer in is free, data transfer out is nine cents per gigabyte, so the first 10 terabytes. And attachments are billed at 12 cents per gigabyte. Even though, under normal conditions, you're more likely to launch emails using an SMTP interface and SMTP compatible programming language like Java or through the SES API , then through the dashboard console, will nevertheless start off with a console.

Since accounts in sandbox mode cannot send emails to unverified addresses, to get things going, we'll have to verify at least one email address. From the dashboard, click on email addresses, just beneath the verify senders headline. Then, click on verify a new address and enter an address you'd like to verify. Notice the pending verification notice under status.

You'll receive an email address to that account in which you'll have to click on the link that's included. Once you've done that, clicking on the refresh link will update your status. We now have our first verified email. While we're here, we should spend a minute or two exploring under our notifications options. With our verified address selected, click on view details and expand notifications. We can see that events associated with this address will currently be sent via email, but that we could, if we chose, selects SNS notifications instead.

To do that, we'll first have to create a new SNS topic. From the SNS dashboard, click on create a new topic and then give your topic a name and display name. Say, email bounces and click create topic. We should now create a subscription to tell Amazon where to send our notifications.

While it will often make more sense to send quick notices via SMS or to do it programatically using SQS or a custom application by pointing the subscription to an AWS ARN address, we'll just stick with email, which, of course, is no different than the default setting that existed in the first place. Now, back in the SES dashboard, click on edit configuration and select our email bounces SNS topic for each category of event for which we would like to receive notification. Now we can chose to disable email feedback forwarding. Of course, we could also track error events from the SES dashboard, where, in my case at any rate, we see things are still pretty calm. We're now ready to send our first email. Select the verified email address and click on send a test email. Notice that our verified address is automatically populated the from address. For this test, we'll send the email to the same verified address, entering a subject and some body text. Since I control this address, I can easily confirm that it's arrived in one piece. Running extensive tests to make sure your configuration and email lists are working the way you'd like can cost you some money and potentially affect you reputation. For that purpose, AWS created a simulator that allows you to send mail to one of five fake email addresses, that should, if you've set things up properly, return predictable responses, send email to the address success@simulator.amazonses.com, should arrive successfully and will generate no response at all. Mail to bounce@simulator.amazonses.com will be rejected with an SMTP 550, unknown user response code. Ooto@simulator, which simulates an out of the office autoresponse, will be treated as delivered successfully, generating an OOTO message to SES. Complaint@simulator.amazonses.com will simulate a recipient clicking mark as spam within their email client, which generates a complaint response to SES.

Finally, blacklist@simulator.amazonses.com will return a message rejected error containing an address blacklisted error message. To illustrate, we'll enter blacklist@simulator.amazonses.com in the To field of an new email message. An email reporting the event should be delivered to our inbox within in a minute or so. Some ISPs will reject emails whose origin has not been authenticated. One authentication method is the sender policy framework, SPF, which, when deployed, compares an email's return address domain with the IP address the email is actually coming from to confirm that it matches the domain's real IP address.

Since AWS, SES uses only its own mail from domain, which has already been authenticated with SPF, you don't need worry about this. You may also want to sign your emails using the domain keys identified mail, DKIM system. This can be done from the view details page for a selected email address on the dashboard.

Eventually, once you've played around with the system enough that we're comfortable with how everything works, we'll be ready to send emails as part of a production deployment. We'll be on the sandbox environment we got by default. We'll have to request production access from Amazon.

Request production access is just another way of saying confirm to Amazon that you're not going to use this account for spamming or other illegal activities.

Click on the request button and identify the request as a service limit increase. This limit type box is already populated with SES production access. Select a region and if this deployment will be associated with a particular website, enter its URL. Confirm that your SES use will comply with Amazon policy, type a description of your planned usage, and click on a contact method. You should receive a response within one day.

Finally, you might want to send SES emails directly from your email client on your local PC. Configuring a client, like Mozilla Thunderbird or Microsoft Outlook, is simple. From the SES dashboard, click on SMTP settings and note the server name, port, TLS setting and general authentication credentials. Clicking on the create my SMTP credentials will guide you to an IM account setup.

About the Author
David Clinton
Linux SysAdmin
Learning Paths

David taught high school for twenty years, worked as a Linux system administrator for five years, and has been writing since he could hold a crayon between his fingers. His childhood bedroom wall has since been repainted.

Having worked directly with all kinds of technology, David derives great pleasure from completing projects that draw on as many tools from his toolkit as possible.

Besides being a Linux system administrator with a strong focus on virtualization and security tools, David writes technical documentation and user guides, and creates technology training videos.

His favorite technology tool is the one that should be just about ready for release tomorrow. Or Thursday.