Using SES across accounts with identity owner

[mariusburfey]

User Story

As devops-engineer I want to separate my environments from each other to keep my applications as secure as possible, as described in AWS best practices. I do not want to validate my SES-domains in all accounts, but I want to use "identity owners" to send mails from multiple accounts via one SES-domain: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization-delegate-sender-tasks-email.html

The result is: I have a lot of environments (PROD, TEST, STAGE, ...), which can send SES-mails from my one "SES-core-account", which contains my validated domains.

Solution

Since django-ses is not supporting this yet, but boto3 does support it, I am intending to do:

• add three new environment-variables: AWS_SES_SOURCE_ARN, AWS_SES_FROM_ARN, AWS_SES_RETURN_PATH_ARN
• configure the variables similar to the DKIM-variables
• use the new variables in django_ses.SESBackend.send_messages as additional parameters for send_raw_email: SourceArn , FromArn, ReturnPathArn

Question

What do you think?

[pcraciunoiu]

@mariusburfey thank you for contributing. This has been released as a minor version: https://pypi.org/project/django-ses/2.3.0/