Once you have an AWS Account you need to create an 'IAM Full Access Role' for Send With SES. Send With SES will use this 'IAMRole' to provision various resources (SES, SQS, SNS, S3, Pinpoint, CloudWatch, etc.) within your AWS Account for sending Emails, SMS, Push Notifications, and for collecting message delivery statistics.
Follow the instructions below to create the IAM Role.
9. Copy paste the ARN Role in Send With SES Settings
MUST READ: Why we ask for "IAM Full Access" Role ?
IAM Full Access is something similar to full Admin Access. It gives Send With SES the power to provision any resource within your AWS Account. However Send With SES only provisions resources which are required to send Emails, SMS, and Push Notifications, and to collect various delivery statistics. Currently these resources are - SES, SQS, SNS, S3, Pinpoint, CloudWatch. Send With SES will inform you in advance if any new resource is to be provisioned.
The alternative to IAM Full Access Role is to create a 'User' with specific permissions for each of the required AWS Resource and give Send With SES the 'secret keys' for that user (a risky proposition). You will also need create a 'SNS Role' for collecting CloudWatch metrics and give Send With SES that Role ARN. In future if any new permission is required you will need to edit that User/Role. All this can be confusing and cumbersome to most users. The IAM Full Access Role allows Send With SES to securely and programmatically handle all these tasks for you.
Your AWS Account Security.
Send With SES accesses your AWS Account by requesting a set of temporary keys using the 'IAM Role' provided by you. No third parties can access your account.
You can delete the IAM Role at any time to prevent Send With SES from accessing your AWS Account.
It is highly recommended you create a separate AWS Account exclusively for Send With SES. This way you can be sure that any resource launched within this AWS Account has been provisioned by Send With SES.
