Integrations and hooks
/
Third party integrations
/
Amazon SES
Last updated

Amazon SES

Configure Amazon SES as your external Frontegg email provider

Frontegg allows you to configure Amazon SES either via the portal or via API. Below is a breakdown of the integration process.

Portal configuration

The Amazon SES portal configuration relies on the Amazon user option, which requires you to create an IAM user, define that user's permissions, and create the access key under that IAM user. The credentials you receive for that user will be used as the Access Key ID and Secret Access Key, which are necessary to complete the integration with Amazon SES in the portal.

Step 1: Create an IAM user

Go to the AWS IAM User Guide and create a new IAM user in your Amazon account.

Step 2: Define user permissions

Grant the IAM user the required permissions to access Amazon SES. At a minimum, assign the ses:SendEmail and ses:SendRawEmail permissions. For more details on configuring permissions, You can find more information on permissions in the AWS IAM Permissions Guide.

Step 3: Create access key

Generate an access key for the IAM user. This will provide you with the Access Key ID and Secret Access Key needed for integration. Frontegg utilizes the Simple SES API, so be sure to create regular API keys for general use rather than keys restricted to sending SMTP emails only. You can follow the instructions in the AWS IAM Access Keys Guide.

Step 4: Complete integration

When setting up the integration with Amazon SES via the portal, use the Access Key ID and Secret Access Key obtained in the previous step to fill in the required fields.
For more detailed information on Amazon SES, you can visit the Amazon SES Documentation.

Amazon-SES-1

API configuration

API configuration with Amazon SES allows you to configure the service in the Amazon user and Amazon AssumeRole options.

To configure your external email provider via API, you will need to use the following route:
https://{domain}.frontegg.com/identity/resources/mail/v2/configurations
Send a POST request with the mandatory fields using credentials from either your Amazon SES, Mailgun, or SendGrid accounts. Read on to learn how.

Prerequisites

  • An environment token from the authentication route is required. Consult our Getting Started with Frontegg APIs to learn how to fetch yours.
  • Regions: Note that you will need to fill in the region field when invoking the request. Use us for the USA region, and eu for the Europe region.

Amazon user

When integrating with Amazon SES using the user option (provider field indicated as ses), you should create an IAM user in Amazon, define that user's permissions, and then create the access key under that IAM user. The credentials you receive should be used in the ses field of the API call, like so:

Amazon-SES-2

Amazon AssumeRole

When using the ses-role option, you will need to assume a role with Amazon. This will provide you with temporary security credentials (i.e., Access Key ID, Secret Access Key, and Security Token) that grant you the permissions defined by that role.

Amazon-SES-3

When invoking your POST request using ses-role as your provider, you will need to fill the secret field with the Amazon Resource Name (ARN) for an AWS Identity and Access Management (IAM) role you generated. An example of such a field identifier would be: arn:aws:iam::123456789012:role/example-role.

Assuming a role

Note that to assume a role, you need to have the necessary permissions to perform the sts:AssumeRole action. The role's trust policy must also allow your user, role, or service to assume it. This can be done via the AWS Management Console, AWS CLI, or AWS SDK. For detailed steps and examples, refer to the AWS documentation on Granting Users Permission to Assume an IAM Role and assume an IAM Role Using the AWS CLI.