AWS SES Permissions Policy Generator

Easily generate custom AWS SES email policies with IP and email conditions using our intuitive online tool.

Calculator

Generated Permissions Policy

Notes
  • Utilizing IP Addresses in Policies
    The inclusion of IP addresses in your policy conditions enables you to restrict or allow actions based on the source IP. This is particularly useful for limiting access to your AWS resources from specific network locations. For instance, you might only allow certain actions from your corporate network, enhancing the overall security of your AWS environment.
  • Incorporating Email Addresses in Policies
    Specifying email addresses in your policy can be instrumental in controlling who can send emails from your AWS SES. By using the StringNotLike condition with the ses:FromAddress key, you can exclude specific email addresses or even entire domains. This feature is crucial for preventing unauthorized use of your email sending capabilities and for ensuring that only designated email addresses or domains are permitted to send emails.
  • Using aws:RequestedRegion in Policies
    When creating policies, consider including the aws:RequestedRegion condition. This allows you to specify the AWS region from which an action is allowed. This can be particularly useful for controlling access in multi-regional deployments, ensuring that actions are only performed in intended regions, thereby enhancing the security and integrity of your AWS environment.
  • Using StringLike and ses:SendEmail
    The Action ses:SendEmail allows the sending of emails through Amazon SES. This setup is useful if you want to restrict the ses:SendEmail action to specific email addresses or domains. It's important to ensure that the email addresses specified in the policy match those that you intend to use in your actual SES operations.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EmailFilterPolicy",
      "Effect": "Allow",
      "Action": "ses:SendEmail",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "ses:FromAddress": [
            "[email protected]",
            "*.department.example.com"
          ]
        }
      }
    }
  ]
}
Disclaimer
  • This tool is provided as-is without any warranty.
  • Usage is entirely at your own risk.
  • We are not liable for any policy errors or omissions.
  • We accept no responsibility for any consequences arising from policy use.
  • Ensure compliance with AWS guidelines and your organisational policies.
Updated on: 
raramuridesign consulting - web strategy, development, design