Amazon SES
Configure Amazon SES as an email provider in Notiflows
Amazon Simple Email Service (SES) is a cost-effective email service built on AWS infrastructure.
Prerequisites
Before configuring SES in Notiflows, you need:
- An AWS account
- A verified sending identity (domain or email address)
- An IAM user with SES send permissions
- SES moved out of sandbox mode if you need to send to unverified recipients
Configuration
| Field | Required | Description |
|---|---|---|
| Region | Yes | The AWS region where SES is configured (e.g., us-east-1) |
| Access Key ID | Yes | IAM user access key |
| Secret Access Key | Yes | IAM user secret key |
| From Email | Yes | A verified sender email address or an address on a verified domain |
| From Name | No | Display name shown to recipients (e.g., My App) |
Step 1: Verify a sender identity
SES requires you to verify the domain or email address you send from. Domain verification is recommended for production because it covers all addresses on that domain.
Option A: Verify a domain (recommended)
- Open the Amazon SES console
- In the left navigation, under Configuration, click Identities
- Click Create identity
- Select Domain as the identity type
- Enter your domain (e.g.,
example.com) - Under Verifying your domain, leave Easy DKIM selected and choose RSA_2048_BIT as the signing key length
- Click Create identity
SES generates three CNAME records for DKIM authentication. You need to add these to your domain's DNS:
- On the identity details page, click the Authentication tab
- Expand Publish DNS records — you'll see three CNAME records
- Add each record to your DNS provider (or click Download .csv record set to export them)
- Wait for DNS propagation — the Identity status changes to Verified once SES detects the records (usually a few minutes, can take up to 72 hours)
If you use Amazon Route 53 for DNS, SES can publish the records automatically. Check the Publish DNS records to Route53 option during identity creation.
Option B: Verify an email address
Use this for quick testing or if you don't own the sending domain.
- Open the Amazon SES console
- In the left navigation, under Configuration, click Identities
- Click Create identity
- Select Email address as the identity type
- Enter the email address you want to send from
- Click Create identity
- Check your inbox for an email from
no-reply-aws@amazon.comand click the verification link
The identity status updates to Verified within a few minutes.
Step 2: Move out of sandbox mode
New SES accounts start in sandbox mode, which limits sending to verified email addresses only. For production use, you need to request production access.
- Open the Amazon SES console
- In the left navigation, click Account dashboard
- At the top you'll see a banner: "Your Amazon SES account is in the sandbox"
- Click View Get set up page, then Request production access
- Fill in the form:
- Mail Type — select Transactional
- Website URL — your application's URL
- Additional Contacts — email addresses for account communications
- Acknowledge that you'll only send to recipients who have opted in and that you handle bounces and complaints
- Click Submit request
AWS typically responds within 24 hours.
Step 3: Create an IAM user
Notiflows needs an IAM access key with permission to send email through SES. Create a dedicated IAM user rather than using root account credentials.
Create the IAM policy
- Open the IAM console
- In the left navigation, click Policies
- Click Create policy
- Click the JSON tab and paste the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "*"
}
]
}- Click Next
- Name the policy (e.g.,
NotiflowsSESSendEmail) - Click Create policy
To restrict sending to a specific verified identity, replace "Resource": "*" with your identity ARN:
"Resource": "arn:aws:ses:us-east-1:123456789012:identity/example.com"You can find your identity ARN on the identity details page in the SES console.
Create the user and attach the policy
- In the IAM console, click Users in the left navigation
- Click Create user
- Enter a user name (e.g.,
notiflows-ses) - Do not check "Provide user access to the AWS Management Console" — Notiflows only needs programmatic access
- Click Next
- Select Attach policies directly
- Search for the policy you created (
NotiflowsSESSendEmail) and check it - Click Next, then Create user
Generate access keys
- Click on the user you just created to open the user details
- Go to the Security credentials tab
- Scroll to Access keys and click Create access key
- Select Third-party service as the use case
- Check the acknowledgment and click Next, then Create access key
- Copy the Access Key ID and Secret Access Key
The secret access key is only shown once. Copy it now and store it securely. If you lose it, you'll need to create a new access key pair.
Step 4: Choose a region
SES is a regional service. The region you choose in Notiflows must match the region where your verified identities are configured. Pick the region closest to your users for lower latency.
| Region | Location |
|---|---|
us-east-1 | N. Virginia |
us-west-2 | Oregon |
eu-west-1 | Ireland |
eu-central-1 | Frankfurt |
ap-southeast-1 | Singapore |
ap-southeast-2 | Sydney |
Step 5: Set up in Notiflows
- Navigate to Channels in your project
- Click Create Channel
- Select Email as the channel type
- Select Amazon SES as the provider
- Select your Region
- Enter your IAM Access Key ID and Secret Access Key
- Enter your verified From Email and optionally a From Name
- Save the channel
Templates
Email templates support three content types:
- Visual - Drag-and-drop editor for rich HTML emails
- HTML - Raw HTML with full control
- Plaintext - Simple text emails
Use Liquid templating for dynamic content:
Hi {{ recipient.first_name }},
{{ data.message }}
Best,
{{ actor.first_name }}Available variable contexts:
recipient.*- Recipient user data (first_name, last_name, email, etc.)actor.*- User who triggered the notificationdata.*- Custom payload passed when triggering the notiflow