# Amazon SES examples using AWS CLI with Bash script
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Bash script with Amazon SES.
*Scenarios* are code examples that show you how to accomplish specific tasks by calling multiple functions within a service or combined with other AWS services.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
**Topics**
+ [Scenarios](#scenarios)
## Scenarios
### Setting up Amazon Simple Email Service (SES)
The following code example shows how to:
+ Verify an email address
+ Verify a domain (optional)
+ Check your sending limits
+ Send a test email
+ Clean up resources
**AWS CLI with Bash script**
There's more on GitHub. Find the complete example and learn how to set up and run in the [Sample developer tutorials](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/033-ses-gs) repository.
```
#!/bin/bash
# Amazon SES Setup Script (v2)
# This script helps you set up Amazon SES for sending emails
# Initialize log file
LOG_FILE="ses-setup.log"
echo "Starting Amazon SES setup at $(date)" > "$LOG_FILE"
# Function to log commands and their output
log_cmd() {
echo "Running: $1" | tee -a "$LOG_FILE"
eval "$1" 2>&1 | tee -a "$LOG_FILE"
return ${PIPESTATUS[0]}
}
# Function to check for errors in command output
check_error() {
local cmd_output="$1"
local cmd_status="$2"
local error_msg="$3"
local ignore_error="${4:-false}"
if [[ $cmd_status -ne 0 || "$cmd_output" =~ [Ee][Rr][Rr][Oo][Rr] ]]; then
echo "ERROR: $error_msg" | tee -a "$LOG_FILE"
if [[ "$ignore_error" != "true" ]]; then
cleanup_resources
exit 1
fi
fi
}
# Function to clean up resources
cleanup_resources() {
echo "Cleaning up resources..." | tee -a "$LOG_FILE"
# No physical resources to clean up for SES setup
# Email identities can be deleted if needed
if [[ -n "$EMAIL_ADDRESS" ]]; then
echo "Deleting email identity: $EMAIL_ADDRESS" | tee -a "$LOG_FILE"
log_cmd "aws ses delete-identity --identity \"$EMAIL_ADDRESS\""
fi
if [[ -n "$RECIPIENT_EMAIL" && "$RECIPIENT_EMAIL" != "$EMAIL_ADDRESS" ]]; then
echo "Deleting recipient email identity: $RECIPIENT_EMAIL" | tee -a "$LOG_FILE"
log_cmd "aws ses delete-identity --identity \"$RECIPIENT_EMAIL\""
fi
if [[ -n "$DOMAIN_NAME" ]]; then
echo "Deleting domain identity: $DOMAIN_NAME" | tee -a "$LOG_FILE"
log_cmd "aws ses delete-identity --identity \"$DOMAIN_NAME\""
fi
}
# Track created resources
CREATED_RESOURCES=()
# Welcome message
echo "============================================="
echo "Amazon SES Setup Script"
echo "============================================="
echo "This script will help you set up Amazon SES for sending emails."
echo "You'll need to verify at least one email address that you own."
echo ""
echo "NOTE: New SES accounts are placed in the sandbox environment."
echo "In the sandbox, both sender AND recipient email addresses must be verified."
echo ""
# Get email address to verify
echo "Please enter an email address that you own and can access:"
read -r EMAIL_ADDRESS
# Verify email identity
echo "Verifying email address: $EMAIL_ADDRESS" | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses verify-email-identity --email-address \"$EMAIL_ADDRESS\"")
check_error "$OUTPUT" $? "Failed to verify email address"
CREATED_RESOURCES+=("Email identity: $EMAIL_ADDRESS")
echo "A verification email has been sent to $EMAIL_ADDRESS."
echo "Please check your inbox and click the verification link before continuing."
echo ""
echo "Press Enter after you've verified your email address..."
read -r
# Check verification status
echo "Checking verification status..." | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses list-identities --identity-type EmailAddress")
check_error "$OUTPUT" $? "Failed to list identities"
OUTPUT=$(log_cmd "aws ses get-identity-verification-attributes --identities \"$EMAIL_ADDRESS\"")
check_error "$OUTPUT" $? "Failed to get verification attributes"
# Check if the email is verified
VERIFICATION_STATUS=$(echo "$OUTPUT" | grep -o '"VerificationStatus": "[^"]*' | cut -d'"' -f4)
if [[ "$VERIFICATION_STATUS" != "Success" ]]; then
echo "Email address $EMAIL_ADDRESS is not verified yet. Please check your inbox and verify before continuing."
echo "Exiting script..."
exit 1
fi
# Ask if user wants to verify a domain
echo ""
echo "Do you want to verify a domain for sending emails? (y/n):"
read -r VERIFY_DOMAIN
if [[ "$VERIFY_DOMAIN" =~ ^[Yy] ]]; then
echo "Please enter the domain name you want to verify:"
read -r DOMAIN_NAME
# Verify domain identity
echo "Verifying domain: $DOMAIN_NAME" | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses verify-domain-identity --domain \"$DOMAIN_NAME\"")
check_error "$OUTPUT" $? "Failed to verify domain identity"
# Extract verification token
VERIFICATION_TOKEN=$(echo "$OUTPUT" | grep -o '"VerificationToken": "[^"]*' | cut -d'"' -f4)
CREATED_RESOURCES+=("Domain identity: $DOMAIN_NAME")
echo ""
echo "============================================="
echo "Domain Verification Instructions"
echo "============================================="
echo "To verify your domain ownership, you need to add a TXT record"
echo "to your domain's DNS settings with the following values:"
echo ""
echo "Record Type: TXT"
echo "Record Name: _amazonses.$DOMAIN_NAME"
echo "Record Value: $VERIFICATION_TOKEN"
echo ""
echo "After adding this DNS record, verification may take up to 72 hours."
echo ""
# Set up DKIM for the domain
echo "Setting up DKIM for domain: $DOMAIN_NAME" | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses verify-domain-dkim --domain \"$DOMAIN_NAME\"")
check_error "$OUTPUT" $? "Failed to set up DKIM"
# Extract DKIM tokens
DKIM_TOKENS=$(echo "$OUTPUT" | grep -o '"DkimTokens": \[[^]]*\]' | sed 's/"DkimTokens": \[\|\]//g' | sed 's/,//g' | sed 's/"//g')
echo "============================================="
echo "DKIM Configuration Instructions"
echo "============================================="
echo "To configure DKIM for your domain, add the following CNAME records"
echo "to your domain's DNS settings:"
echo ""
for token in $DKIM_TOKENS; do
echo "Record Type: CNAME"
echo "Record Name: ${token}._domainkey.$DOMAIN_NAME"
echo "Record Value: ${token}.dkim.amazonses.com"
echo ""
done
echo "After adding these DNS records, DKIM verification may take up to 72 hours."
echo ""
fi
# Check sending limits
echo "Checking your SES sending limits..." | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses get-send-quota")
check_error "$OUTPUT" $? "Failed to get sending quota"
# Extract quota information
MAX_SEND_RATE=$(echo "$OUTPUT" | grep -o '"MaxSendRate": [0-9.]*' | cut -d' ' -f2)
MAX_24_HOUR_SEND=$(echo "$OUTPUT" | grep -o '"Max24HourSend": [0-9.]*' | cut -d' ' -f2)
SENT_LAST_24_HOURS=$(echo "$OUTPUT" | grep -o '"SentLast24Hours": [0-9.]*' | cut -d' ' -f2)
echo ""
echo "============================================="
echo "Your SES Sending Limits"
echo "============================================="
echo "Maximum send rate: $MAX_SEND_RATE emails/second"
echo "Maximum 24-hour send: $MAX_24_HOUR_SEND emails"
echo "Sent in the last 24 hours: $SENT_LAST_24_HOURS emails"
echo ""
# Ask if user wants to send a test email
echo "Do you want to send a test email? (y/n):"
read -r SEND_TEST
if [[ "$SEND_TEST" =~ ^[Yy] ]]; then
echo ""
echo "============================================="
echo "SANDBOX ENVIRONMENT NOTICE"
echo "============================================="
echo "Your account is likely in the SES sandbox environment."
echo "In the sandbox, you can only send emails to verified email addresses."
echo ""
echo "Do you want to:"
echo "1. Send a test email to the same verified address ($EMAIL_ADDRESS)"
echo "2. Verify another email address to use as recipient"
echo ""
echo "Enter your choice (1 or 2):"
read -r RECIPIENT_CHOICE
if [[ "$RECIPIENT_CHOICE" == "1" ]]; then
RECIPIENT_EMAIL="$EMAIL_ADDRESS"
else
echo "Please enter the recipient email address you want to verify:"
read -r RECIPIENT_EMAIL
# Verify recipient email identity if different from sender
if [[ "$RECIPIENT_EMAIL" != "$EMAIL_ADDRESS" ]]; then
echo "Verifying recipient email address: $RECIPIENT_EMAIL" | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses verify-email-identity --email-address \"$RECIPIENT_EMAIL\"")
check_error "$OUTPUT" $? "Failed to verify recipient email address"
CREATED_RESOURCES+=("Email identity: $RECIPIENT_EMAIL")
echo "A verification email has been sent to $RECIPIENT_EMAIL."
echo "Please check the inbox and click the verification link before continuing."
echo ""
echo "Press Enter after you've verified the recipient email address..."
read -r
# Check recipient verification status
OUTPUT=$(log_cmd "aws ses get-identity-verification-attributes --identities \"$RECIPIENT_EMAIL\"")
check_error "$OUTPUT" $? "Failed to get recipient verification attributes"
# Check if the recipient email is verified
RECIPIENT_VERIFICATION_STATUS=$(echo "$OUTPUT" | grep -o '"VerificationStatus": "[^"]*' | cut -d'"' -f4)
if [[ "$RECIPIENT_VERIFICATION_STATUS" != "Success" ]]; then
echo "Recipient email address $RECIPIENT_EMAIL is not verified yet."
echo "You can try sending the email anyway, but it may fail."
fi
fi
fi
echo "Sending test email from $EMAIL_ADDRESS to $RECIPIENT_EMAIL..." | tee -a "$LOG_FILE"
OUTPUT=$(log_cmd "aws ses send-email \
--from \"$EMAIL_ADDRESS\" \
--destination \"ToAddresses=$RECIPIENT_EMAIL\" \
--message \"Subject={Data=SES Test Email,Charset=UTF-8},Body={Text={Data=This is a test email sent from Amazon SES using the AWS CLI,Charset=UTF-8}}\"")
# Don't exit on send email error, just report it
check_error "$OUTPUT" $? "Failed to send test email" "true"
# Check if the email was sent successfully
if [[ "$OUTPUT" =~ "MessageId" ]]; then
# Extract message ID
MESSAGE_ID=$(echo "$OUTPUT" | grep -o '"MessageId": "[^"]*' | cut -d'"' -f4)
echo "Test email sent successfully! Message ID: $MESSAGE_ID"
else
echo "Failed to send test email. This is likely because your account is in the sandbox environment."
echo "In the sandbox, both sender AND recipient email addresses must be verified."
fi
echo ""
fi
# Summary of created resources
echo ""
echo "============================================="
echo "Setup Complete - Resources Created"
echo "============================================="
for resource in "${CREATED_RESOURCES[@]}"; do
echo "- $resource"
done
echo ""
# Ask if user wants to clean up resources
echo "============================================="
echo "CLEANUP CONFIRMATION"
echo "============================================="
echo "Do you want to clean up all created resources? (y/n):"
read -r CLEANUP_CHOICE
if [[ "$CLEANUP_CHOICE" =~ ^[Yy] ]]; then
cleanup_resources
echo "Cleanup completed."
else
echo "Resources have been preserved."
fi
echo ""
echo "============================================="
echo "Amazon SES Setup Complete"
echo "============================================="
echo "For production use, you may need to request to be moved out of the SES sandbox."
echo "Visit the SES console and navigate to 'Account dashboard' to request production access."
echo ""
echo "Log file: $LOG_FILE"
echo "============================================="
```
+ For API details, see the following topics in *AWS CLI Command Reference*.
+ [DeleteIdentity](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/DeleteIdentity)
+ [GetIdentityVerificationAttributes](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/GetIdentityVerificationAttributes)
+ [GetSendQuota](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/GetSendQuota)
+ [ListIdentities](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/ListIdentities)
+ [SendEmail](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/SendEmail)
+ [VerifyDomainDkim](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/VerifyDomainDkim)
+ [VerifyDomainIdentity](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/VerifyDomainIdentity)
+ [VerifyEmailIdentity](https://docs.aws.amazon.com/goto/aws-cli/email-2010-12-01/VerifyEmailIdentity)