Setting Up SES

First, go to IAM and create a new user named {domain}_{env}_ses. Select "Programmatic access" as the access type.

In permissions, choose to attach an existing policy directly. Give the user the AmazonSESFullAccess policy.

After the next step, you will be provided the new user's access key ID and secret access key. Copy these values into the server's config.js mail.ses section.

Review and create the user.

Now, go to SES. Go to "Domains", and click "Verify a New Domain". Enter the domain you will use, and make sure "Generate DKIM Settings" is checked.

Copy all of the DNS records into your DNS provider for the domain you are verifying.

Once you are done updating your DNS, click here to get out of the SES sandbox. You'll have to wait until your support request is approved before you can send emails from the app.

---

For receiving email, we'll set up a rule that will save any emails received at your domain into an S3 bucket.

In the left navigation, click "Rule Sets" under "Email Receiving", then click "Create a Receipt Rule".

In the recipient field, either enter individual email addresses from your verified domain. If you want to capture emails for *@{domain}.com, just enter {domain}.com. Once you've added your recipients, click "Next Step".

In the "Actions" page, create a new S3 action. For "S3 Bucket", create a new bucket called {domain}_email-catchall. Under "SNS Topic", create a new topic, with the "Topic Name" set to {domain}_email-catchall. Click "Next Step".

In the "Rule Details" page, set the "Rule name" to {domain}_email-catchall. Make sure "Enabled" and "Enable spam and virus scanning" are checked, and "Require TLS" is unchecked. Click "Next Step", then click "Create Rule".

You will now receive emails for your domain in S3.