Introduction.
In today’s cloud-native application environment, email functionality is a crucial part of many systems—whether for user verification, password recovery, notifications, or marketing campaigns. While there are many third-party services available for sending emails, Amazon Web Services (AWS) offers its own scalable and cost-effective solution called Simple Email Service (SES). SES is a flexible, reliable, and highly scalable email-sending platform that enables developers to send transactional, marketing, or notification emails from within any application.
However, setting up SES manually through the AWS Management Console can be time-consuming and error-prone, especially when managing multiple environments or teams. This is where infrastructure as code (IaC) comes in—specifically, Terraform. Terraform, developed by HashiCorp, allows you to define and manage your cloud infrastructure in a declarative configuration language, giving you the power to automate and version-control your setups with ease. Combining AWS SES with Terraform provides a robust, repeatable, and maintainable way to deploy email services in your cloud infrastructure.
In this guide, we’ll walk you through how to create an SES email service using Terraform. You’ll learn how to verify a domain, configure DNS records for SPF and DKIM, and prepare your environment to securely send emails. Whether you’re building for production or testing environments, this setup ensures consistency and compliance with best practices.
We’ll start with the basics of what SES offers and why it’s beneficial to automate it. Then we’ll move on to writing Terraform configurations that define the SES domain identity, set up DNS records in Route 53, and output useful values like verification tokens and DKIM records. We’ll also touch on additional configurations, such as IAM policies and SMTP credentials, if needed.
By the end of this tutorial, you’ll not only understand how SES works behind the scenes, but you’ll also have a fully functional, Terraform-managed email service that integrates seamlessly into your CI/CD pipeline or development workflow. Whether you’re a DevOps engineer, cloud architect, or developer looking to streamline your infrastructure, this guide is designed to help you get started with minimal friction.
Prerequisites
- A hosted zone in Route 53 for your domain.
- Verified access to the domain’s DNS configuration.
Terraform Code Structure
Create main.tf file and click on save the file.
main.tf
provider "aws" {
region = "us-east-1" # SES is only available in certain regions
}
variable "domain" {
description = "The domain to verify with SES"
type = string
}
resource "aws_ses_domain_identity" "ses_domain" {
domain = var.domain
}
resource "aws_route53_record" "ses_verification_record" {
zone_id = data.aws_route53_zone.primary.zone_id
name = "_amazonses.${var.domain}"
type = "TXT"
ttl = 600
records = [aws_ses_domain_identity.ses_domain.verification_token]
}
resource "aws_ses_domain_dkim" "dkim" {
domain = aws_ses_domain_identity.ses_domain.domain
}
resource "aws_route53_record" "dkim_records" {
count = 3
zone_id = data.aws_route53_zone.primary.zone_id
name = "${aws_ses_domain_dkim.dkim.dkim_tokens[count.index]}._domainkey.${var.domain}"
type = "CNAME"
ttl = 600
records = ["${aws_ses_domain_dkim.dkim.dkim_tokens[count.index]}.dkim.amazonses.com"]
}
data "aws_route53_zone" "primary" {
name = "${var.domain}."
private_zone = false
}
Create Output.tf file and save the file
outputs.tf
output "domain_identity_arn" {
value = aws_ses_domain_identity.ses_domain.arn
}
output "dkim_tokens" {
value = aws_ses_domain_dkim.dkim.dkim_tokens
}
Go to terminal and enter the aws configure.
Enter the Access and Secret Keys.
Enter the Following commands.
terraform init
terraform plan
terraform apply
Verify the Email Notification.
Now, You will go to check your mail.
Mail notification from AWS.
Conclusion.
Setting up AWS SES with Terraform not only simplifies your email infrastructure deployment but also brings automation, repeatability, and version control to a process that’s often manual and error-prone. In this guide, we walked through verifying a domain with SES, creating DNS records for domain authentication (SPF and DKIM), and using Terraform to manage the entire setup. By treating your SES configuration as code, you gain the flexibility to scale, audit, and replicate your setup across environments with confidence.
Whether you’re building applications that require transactional email, alerts, or bulk messaging, combining the power of AWS SES and Terraform ensures you’re doing it in a cloud-native, automated, and secure way. As your infrastructure grows, this approach will save time, reduce risk, and help maintain consistency across your cloud resources.
Now that you’ve completed the foundational setup, you can take it further by adding email sending permissions, SMTP users, or integrating SES with AWS Lambda and SNS for advanced workflows. Infrastructure as code isn’t just about convenience—it’s about building smarter and more resilient systems.
