Skip to content
A cute hedgehog picking up a building block Stackattack

emailDomain

View Source

Amazon SES (Simple Email Service) domain configuration enables sending transactional emails from your custom domain with full deliverability tracking. This component sets up domain verification, DKIM authentication, SPF/DMARC records, and event logging for production email sending.

import * as saws from "@stackattack/aws";


const ctx = saws.context();
const emailSetup = saws.emailDomain(ctx, {
  domain: "mail.example.com",
  dmarcInbox: "dmarc-reports@example.com"
});


export const configurationSet = emailSetup.configurationSet.name;

Usage

Section titled “Usage”

After deployment, send emails using the AWS SDK or SMTP:

// Using AWS SDK
import { SESv2Client, SendEmailCommand } from "@aws-sdk/client-sesv2";


const client = new SESv2Client({ region: "us-east-1" });
await client.send(new SendEmailCommand({
  FromEmailAddress: "noreply@mail.example.com",
  Destination: { ToAddresses: ["user@example.com"] },
  Content: {
    Simple: {
      Subject: { Data: "Welcome!" },
      Body: { Text: { Data: "Hello from SES!" } }
    }
  },
  ConfigurationSetName: "my-email-config-set"
}));

Monitor email events and deliverability:

Terminal window
# Check domain verification status
aws sesv2 get-email-identity --email-identity mail.example.com


# View sending statistics
aws sesv2 get-account-sending-enabled
aws sesv2 get-configuration-set --configuration-set-name my-config-set

Important Setup Notes

Section titled “Important Setup Notes”
  • Production Access: You must request production access in the AWS SES console to send emails to unverified addresses. This component sets up the domain but does not automatically grant production sending access.
  • Dedicated IP: This component does not include dedicated IP setup. For high-volume sending requiring dedicated IPs, additional configuration is needed.

Costs

Section titled “Costs”

SES pricing is usage-based with no upfront costs:

  • Free tier: 200 emails/day for applications hosted on AWS
  • Standard pricing: $0.10 per 1,000 emails sent
  • Dedicated IP: $24.95/month per IP (for high-volume senders, not included in this component)
  • Data transfer: Standard AWS rates for attachments

Cost optimization strategies:

  • Use SES configuration sets to track bounce/complaint rates and maintain sender reputation
  • Implement email validation to avoid sending to invalid addresses
  • Consider bulk sending features for newsletters vs transactional emails
  • Monitor sending quotas to avoid throttling in production

emailDomain

Section titled “emailDomain”

Sets up a complete email domain configuration with Amazon SES. This function creates domain identity, DKIM verification, SPF/DMARC records, configuration set, event logging, and optional S3 logging and webhooks.

function emailDomain(ctx: Context, args: EmailDomainArgs): { configurationSet: ConfigurationSet; logTopic: Topic }

Parameters

Section titled “Parameters”
  • ctx (Context) - The context for resource naming and tagging
  • args (EmailDomainArgs) - Configuration arguments for the email domain setup

Returns

Section titled “Returns”
  • ({ configurationSet: ConfigurationSet; logTopic: Topic }) - Sets up a complete email domain configuration with Amazon SES. This function creates domain identity, DKIM verification, SPF/DMARC records, configuration set, event logging, and optional S3 logging and webhooks.

Functions

Section titled “Functions”

emailLogRolePolicy

Section titled “emailLogRolePolicy”

Creates an IAM policy document for email log delivery role that allows access to Kinesis Firehose. This policy grants permissions to put records into the specified Firehose delivery stream.

function emailLogRolePolicy(firehoseArn: Input<string>): Output<GetPolicyDocumentResult>

Parameters

Section titled “Parameters”
  • firehoseArn (Input<string>) - The ARN of the Kinesis Firehose delivery stream

Returns

Section titled “Returns”
  • (Output<GetPolicyDocumentResult>) - Creates an IAM policy document for email log delivery role that allows access to Kinesis Firehose. This policy grants permissions to put records into the specified Firehose delivery stream.

emailLogSnsTopicPolicy

Section titled “emailLogSnsTopicPolicy”

Creates an IAM policy document for SNS topic access by AWS services. This policy allows AWS services within the same account to interact with the SNS topic.

function emailLogSnsTopicPolicy(args: EmailSNSTopicPolicyArgs): Output<GetPolicyDocumentResult>

Parameters

Section titled “Parameters”

Returns

Section titled “Returns”
  • (Output<GetPolicyDocumentResult>) - Creates an IAM policy document for SNS topic access by AWS services. This policy allows AWS services within the same account to interact with the SNS topic.

emailS3Log

Section titled “emailS3Log”

Creates an SNS topic subscription that delivers email events to S3 via Kinesis Firehose. This function sets up the necessary IAM role and subscription to stream email events to S3.

function emailS3Log(ctx: Context, args: EmailS3LogArgs): TopicSubscription

Parameters

Section titled “Parameters”
  • ctx (Context) - The context for resource naming and tagging
  • args (EmailS3LogArgs) - Configuration arguments for the S3 log setup

Returns

Section titled “Returns”
  • (TopicSubscription) - Creates an SNS topic subscription that delivers email events to S3 via Kinesis Firehose. This function sets up the necessary IAM role and subscription to stream email events to S3.

Interfaces

Section titled “Interfaces”

EmailDomainArgs

Section titled “EmailDomainArgs”

Configuration arguments for setting up a complete email domain with SES.

Properties

Section titled “Properties”
  • dmarcInbox (Input<string>) - Email address to receive DMARC reports
  • domain (Input<string>) - The domain name to configure for email sending
  • logs? (S3FirehoseArgs) - Optional S3 logging configuration via Firehose
  • noPrefix? (boolean) - Whether to skip adding a prefix to resource names
  • noVerify? (boolean) - Whether to skip domain verification setup (DNS records)
  • nTokens? (number) - Number of DKIM tokens to create (defaults to 3)
  • webhookUrl? (Input<string>) - Optional webhook URL for email event notifications
  • zoneId? (Input<string>) - Optional Route53 hosted zone ID (will be auto-detected if not provided)

EmailS3LogArgs

Section titled “EmailS3LogArgs”

Configuration arguments for setting up email log delivery to S3 via Firehose.

Properties

Section titled “Properties”
  • emailLogTopicArn (Input<string>) - The ARN of the SNS topic that receives email events
  • firehoseArn (Input<string>) - The ARN of the Kinesis Firehose delivery stream for S3 logging
  • noPrefix? (boolean) - Whether to skip adding a prefix to resource names

EmailSNSTopicPolicyArgs

Section titled “EmailSNSTopicPolicyArgs”

Configuration arguments for creating an SNS topic policy for email logging.

Properties

Section titled “Properties”
  • accountId? (Input<string>) - The AWS account ID (optional, will be retrieved automatically if not provided)
  • topicArn (Input<string>) - The ARN of the SNS topic to create the policy for