Comment on page
Create AWS Role
Once you have an AWS Account you need to create an 'IAM Full Access Role' for Send With SES. Send With SES will use this 'IAM Role' to provision various resources (SES, SQS, SNS, S3, Pinpoint, CloudWatch, etc.) within your AWS Account for sending Emails, SMS, Push Notifications, and for collecting message delivery statistics.
Follow the instructions below to create the IAM Role.
IMPORTANT: Account ID must be 033267325636
Why IAM Full Access? Go to end of this article.
IAM Full Access is something similar to full Admin Access. It gives Send With SES the power to provision any resource within your AWS Account. However Send With SES only provisions resources which are required to send Emails, SMS, and Push Notifications, and to collect various delivery statistics. Currently these resources are - SES, SQS, SNS, S3, Pinpoint, CloudWatch. Send With SES will inform you in advance if any new resource is to be provisioned.
The alternative to IAM Full Access Role is to create a 'User' with specific permissions for each of the required AWS Resource and give Send With SES the 'secret keys' for that user (a risky proposition). You will also need create a 'SNS Role' for collecting CloudWatch metrics and give Send With SES that Role ARN. In future if any new permission is required you will need to edit that User/Role. All this can be confusing and cumbersome to most users. The IAM Full Access Role allows Send With SES to securely and programmatically handle all these tasks for you.
Send With SES accesses your AWS Account by requesting a set of temporary keys using the 'IAM Role' provided by you. No third parties can access your account.
You can delete the IAM Role at any time to prevent Send With SES from accessing your AWS Account.