diff --git a/roles/aws/aws_ses/defaults/main.yml b/roles/aws/aws_ses/defaults/main.yml
new file mode 100644
index 000000000..10218b089
--- /dev/null
+++ b/roles/aws/aws_ses/defaults/main.yml
@@ -0,0 +1,2 @@
+_ses_domain: codeenigma.uk
+region: "{{ _aws_region}}"
diff --git a/roles/aws/aws_ses/tasks/main.yml b/roles/aws/aws_ses/tasks/main.yml
new file mode 100644
index 000000000..62da7c1b5
--- /dev/null
+++ b/roles/aws/aws_ses/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: "Ensure {{ _ses_domain }} domain identity exists"
+ community.aws.ses_identity:
+ profile: "{{ _aws_profile }}"
+ identity: "{{ _ses_domain }}"
+ state: present
+ region: "{{ _aws_region}}"
+
+- name: Gather AWS account ID if it isn't already set.
+ amazon.aws.aws_caller_info:
+ profile: "{{ _aws_profile }}"
+ delegate_to: localhost
+ register: aws_account_id
+
+- name: Add sending authorization policy to domain identity
+ community.aws.ses_identity_policy:
+ identity: "{{ _ses_domain }}"
+ policy_name: AWSses
+ policy: "{{ lookup('template', 'ses.json.j2') }}"
+ state: present
+ region: "{{ _aws_region }}"
+
+- name: Fetch SES domain CNAME
+ ansible.builtin.command: "aws ses verify-domain-dkim --domain {{ _ses_domain }} --region {{ _aws_region }}"
+ register: ses_dkim_attributes
+
+- name: Add a DNS records in Route 53 for validation.
+ amazon.aws.route53:
+ state: present
+ zone: "{{ _ses_domain }}"
+ record: "{{ item }}._domainkey.{{ _ses_domain }}"
+ profile: "core"
+ type: CNAME
+ ttl: 300
+ value: "{{ item }}.dkim.amazonses.com"
+ loop: "{{ ses_dkim_attributes.stdout | from_json | json_query('DkimTokens') }}"
diff --git a/roles/aws/aws_ses/templates/ses.json.j2 b/roles/aws/aws_ses/templates/ses.json.j2
new file mode 100644
index 000000000..3230f7bdd
--- /dev/null
+++ b/roles/aws/aws_ses/templates/ses.json.j2
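Review bot: The `region` default is never read — every task in tasks/main.yml interpolates `_aws_region` directly — and because Ansible role defaults live in the global variable namespace, a generic key like `region` can be silently overridden by, or override, any other role or play variable of that name; either drop it or rename it to the role's `_`-prefixed convention. `_ses_domain: codeenigma.uk` is an organisation-specific value rather than a sensible default, so a consumer of this role that forgets to set it will quietly create and verify an identity for someone else's domain; a documented placeholder, e.g. `_ses_domain: "example.com"  # override per deployment`, makes the omission visible. The missing space in `"{{ _aws_region}}"` occurs here and again in the first task of tasks/main.yml; Jinja tolerates it, but `"{{ _aws_region }}"` keeps the file consistent.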
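Review bot: Credential selection is inconsistent across the tasks in tasks/main.yml: the `ses_identity_policy` task has no `profile:` at all, so it runs under whatever ambient credentials the executing host happens to have, the `route53` task hardcodes `profile: "core"` while the first two tasks use `"{{ _aws_profile }}"`, and the `aws ses verify-domain-dkim` command is neither given a profile nor delegated to localhost like `aws_caller_info` is — so it needs the AWS CLI and credentials on the managed host. Adding `profile: "{{ _aws_profile }}"` to the policy task and `delegate_to: localhost` plus `--profile {{ _aws_profile }}` to the command would make all five tasks act as the same principal; whether the Route 53 zone genuinely lives in a different account (`core`) is worth a comment if it does. The command task also reports `changed` on every run; `changed_when: false` is appropriate since it only fetches the DKIM tokens, and, if I recall correctly, `community.aws.ses_identity` already returns those tokens under `dkim_attributes`, which would remove the CLI dependency entirely. Finally, `json_query` needs the `jmespath` package on the controller; `(ses_dkim_attributes.stdout | from_json).DkimTokens` gives the same list without it.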
@@ -0,0 +1,37 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ses:SendEmail",
+ "ses:PutEmailIdentityDkimAttributes",
+ "ses:PutEmailIdentityDkimSigningAttributes",
+ "ses:ListRecommendations",
+ "ses:BatchGetMetricData",
+ "ses:UntagResource",
+ "ses:TagResource",
+ "ses:PutEmailIdentityMailFromAttributes",
+ "ses:PutEmailIdentityFeedbackAttributes",
+ "ses:PutEmailIdentityConfigurationSetAttributes",
+ "ses:DeleteEmailIdentityPolicy",
+ "ses:DeleteEmailIdentity",
+ "ses:UpdateEmailIdentityPolicy",
+ "ses:CreateDeliverabilityTestReport",
+ "ses:CreateEmailIdentityPolicy",
+ "ses:GetDomainStatisticsReport",
+ "ses:GetEmailIdentityPolicies",
+ "ses:GetEmailIdentity",
+ "ses:SendBulkTemplatedEmail",
+ "ses:SendTemplatedEmail",
+ "ses:SendRawEmail"
+ ],
+ "Principal": {
+ "AWS": [
+ "{{ aws_account_id.account }}"
+ ]
+ },
+ "Resource": "arn:aws:ses:{{ _aws_region }}:{{ aws_account_id.account }}:identity/{{ _ses_domain }}"
+ }
+ ]
+}
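Review bot: The `Action` list in this sending-authorization policy goes well beyond sending: it grants `ses:DeleteEmailIdentity`, `ses:DeleteEmailIdentityPolicy`, `ses:UpdateEmailIdentityPolicy` and assorted DKIM/MAIL FROM/configuration-set writes, and the `Principal` is the bare account id, i.e. the account root, so every IAM principal in that account the policy is evaluated for could delete the identity or rewrite this very policy. The task that attaches it is named "Add sending authorization policy", and as far as I recall SES identity policies only act on the Send* actions anyway, so the management entries are at best dead weight and at worst an over-broad grant; trimming to the four send actions keeps the policy doing what its name says. If some of the management permissions are genuinely needed, a `{# … #}` comment at the top of the template stating which consumer relies on them would stop the next reviewer removing them.
```jinja
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail",
        "ses:SendTemplatedEmail",
        "ses:SendBulkTemplatedEmail"
      ],
{# … unchanged: Principal and Resource … #}
```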