A
Setup checklist
0 of 5 done1
Verify your sending domain
AWS SES → Verified identities → Add domain. Add the 3 CNAME records for DKIM.
2
Move out of sandbox
By default SES is in sandbox (can only send to verified addresses). Request production access in SES console.
3
Create an IAM user with SES send permissions
Policy: ses:SendEmail, ses:SendRawEmail. Generate access key ID + secret.
4
Set up a configuration set (recommended)
Enables event publishing (bounces, complaints) to SNS for our bounce-handling.
5
Add a 'from' address that's a subdomain of your verified domain
e.g. noreply@notifications.yourdomain.com once notifications.yourdomain.com is DKIM-verified.
B
Configuration
All credentials are encrypted at rest. Mask shown above; real values stored via secret manager reference.All fields
Verified from address*
Must be verified in SES.
Configuration set
Optional. Used for tracking + suppression.
C
Test connection
Verify credentials with a real call to the provider.Sends a test request with the current configuration. Doesn't enable the module — preview only.
E
Audit log
Every config change recorded with diff.| Timestamp | Actor | Change |
|---|
| 2026-05-23 11:42 | Jagdish H. | config_update: smtp_host changed |
| 2026-05-22 09:18 | Jagdish H. | module.enable |
| 2026-05-22 09:14 | Jagdish H. | config_create: initial setup |