This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::SES::EmailIdentity Specifies an identity for using within SES. An identity is an email address or domain that you use when you send email. Before you can use an identity to send email, you first have to verify it. By verifying an identity, you demonstrate that you're the owner of the identity, and that you've given Amazon SES API v2 permission to send email from the identity. When you verify an email address, SES sends an email to the address. Your email address is verified as soon as you follow the link in the verification email. When you verify a domain without specifying the `DkimSigningAttributes` properties, OR only the `NextSigningKeyLength` property of `DkimSigningAttributes`, this resource provides a set of CNAME token names and values (*DkimDNSTokenName1*, *DkimDNSTokenValue1*, *DkimDNSTokenName2*, *DkimDNSTokenValue2*, *DkimDNSTokenName3*, *DkimDNSTokenValue3*) as outputs. You can then add these to the DNS configuration for your domain. Your domain is verified when Amazon SES detects these records in the DNS configuration for your domain. This verification method is known as Easy DKIM. Alternatively, you can perform the verification process by providing your own public-private key pair. This verification method is known as Bring Your Own DKIM (BYODKIM). To use BYODKIM, your resource must include `DkimSigningAttributes` properties `DomainSigningSelector` and `DomainSigningPrivateKey`. When you specify this object, you provide a selector (`DomainSigningSelector`) (a component of the DNS record name that identifies the public key to use for DKIM authentication) and a private key (`DomainSigningPrivateKey`). Additionally, you can associate an existing configuration set with the email identity that you're verifying. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::SES::EmailIdentity", "Properties" : { "[ConfigurationSetAttributes](#cfn-ses-emailidentity-configurationsetattributes)" : ConfigurationSetAttributes, "[DkimAttributes](#cfn-ses-emailidentity-dkimattributes)" : DkimAttributes, "[DkimSigningAttributes](#cfn-ses-emailidentity-dkimsigningattributes)" : DkimSigningAttributes, "[EmailIdentity](#cfn-ses-emailidentity-emailidentity)" : String, "[FeedbackAttributes](#cfn-ses-emailidentity-feedbackattributes)" : FeedbackAttributes, "[MailFromAttributes](#cfn-ses-emailidentity-mailfromattributes)" : MailFromAttributes, "[Tags](#cfn-ses-emailidentity-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::SES::EmailIdentity Properties: [ConfigurationSetAttributes](#cfn-ses-emailidentity-configurationsetattributes): ConfigurationSetAttributes [DkimAttributes](#cfn-ses-emailidentity-dkimattributes): DkimAttributes [DkimSigningAttributes](#cfn-ses-emailidentity-dkimsigningattributes): DkimSigningAttributes [EmailIdentity](#cfn-ses-emailidentity-emailidentity): String [FeedbackAttributes](#cfn-ses-emailidentity-feedbackattributes): FeedbackAttributes [MailFromAttributes](#cfn-ses-emailidentity-mailfromattributes): MailFromAttributes [Tags](#cfn-ses-emailidentity-tags): - Tag ``` ## Properties `ConfigurationSetAttributes` Used to associate a configuration set with an email identity. *Required*: No *Type*: [ConfigurationSetAttributes](aws-properties-ses-emailidentity-configurationsetattributes.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DkimAttributes` An object that contains information about the DKIM attributes for the identity. *Required*: No *Type*: [DkimAttributes](aws-properties-ses-emailidentity-dkimattributes.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DkimSigningAttributes` If your request includes this object, Amazon SES configures the identity to use Bring Your Own DKIM (BYODKIM) for DKIM authentication purposes, or, configures the key length to be used for [Easy DKIM](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/easy-dkim.html). You can only specify this object if the email identity is a domain, as opposed to an address. *Required*: No *Type*: [DkimSigningAttributes](aws-properties-ses-emailidentity-dkimsigningattributes.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EmailIdentity` The email address or domain to verify. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `FeedbackAttributes` Used to enable or disable feedback forwarding for an identity. *Required*: No *Type*: [FeedbackAttributes](aws-properties-ses-emailidentity-feedbackattributes.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MailFromAttributes` Used to enable or disable the custom Mail-From domain configuration for an email identity. *Required*: No *Type*: [MailFromAttributes](aws-properties-ses-emailidentity-mailfromattributes.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` An array of objects that define the tags (keys and values) to associate with the email identity. *Required*: No *Type*: Array of [Tag](aws-properties-ses-emailidentity-tag.md) *Minimum*: `0` *Maximum*: `50` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource name. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt #### `DkimDNSTokenName1` The host name for the first token that you have to add to the DNS configuration for your domain. `DkimDNSTokenName2` The host name for the second token that you have to add to the DNS configuration for your domain. `DkimDNSTokenName3` The host name for the third token that you have to add to the DNS configuration for your domain. `DkimDNSTokenValue1` The record value for the first token that you have to add to the DNS configuration for your domain. `DkimDNSTokenValue2` The record value for the second token that you have to add to the DNS configuration for your domain. `DkimDNSTokenValue3` The record value for the third token that you have to add to the DNS configuration for your domain. # AWS::SES::EmailIdentity ConfigurationSetAttributes Used to associate a configuration set with an email identity. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[ConfigurationSetName](#cfn-ses-emailidentity-configurationsetattributes-configurationsetname)" : String } ``` ### YAML ``` [ConfigurationSetName](#cfn-ses-emailidentity-configurationsetattributes-configurationsetname): String ``` ## Properties `ConfigurationSetName` The configuration set to associate with an email identity. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::SES::EmailIdentity DkimAttributes Used to enable or disable DKIM authentication for an email identity. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[SigningEnabled](#cfn-ses-emailidentity-dkimattributes-signingenabled)" : Boolean } ``` ### YAML ``` [SigningEnabled](#cfn-ses-emailidentity-dkimattributes-signingenabled): Boolean ``` ## Properties `SigningEnabled` Sets the DKIM signing configuration for the identity. When you set this value `true`, then the messages that are sent from the identity are signed using DKIM. If you set this value to `false`, your messages are sent without DKIM signing. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::SES::EmailIdentity DkimSigningAttributes Used to configure or change the DKIM authentication settings for an email domain identity. You can use this operation to do any of the following: + Update the signing attributes for an identity that uses Bring Your Own DKIM (BYODKIM). + Update the key length that should be used for Easy DKIM. + Change from using no DKIM authentication to using Easy DKIM. + Change from using no DKIM authentication to using BYODKIM. + Change from using Easy DKIM to using BYODKIM. + Change from using BYODKIM to using Easy DKIM. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[DomainSigningPrivateKey](#cfn-ses-emailidentity-dkimsigningattributes-domainsigningprivatekey)" : String, "[DomainSigningSelector](#cfn-ses-emailidentity-dkimsigningattributes-domainsigningselector)" : String, "[NextSigningKeyLength](#cfn-ses-emailidentity-dkimsigningattributes-nextsigningkeylength)" : String } ``` ### YAML ``` [DomainSigningPrivateKey](#cfn-ses-emailidentity-dkimsigningattributes-domainsigningprivatekey): String [DomainSigningSelector](#cfn-ses-emailidentity-dkimsigningattributes-domainsigningselector): String [NextSigningKeyLength](#cfn-ses-emailidentity-dkimsigningattributes-nextsigningkeylength): String ``` ## Properties `DomainSigningPrivateKey` [Bring Your Own DKIM] A private key that's used to generate a DKIM signature. The private key must use 1024 or 2048-bit RSA encryption, and must be encoded using base64 encoding. Rather than embedding sensitive information directly in your CFN templates, we recommend you use dynamic parameters in the stack template to reference sensitive information that is stored and managed outside of CFN, such as in the AWS Systems Manager Parameter Store or AWS Secrets Manager. For more information, see the [Do not embed credentials in your templates](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/best-practices.html#creds) best practice. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DomainSigningSelector` [Bring Your Own DKIM] A string that's used to identify a public key in the DNS configuration for a domain. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `NextSigningKeyLength` [Easy DKIM] The key length of the future DKIM key pair to be generated. This can be changed at most once per day. Valid Values: `RSA_1024_BIT | RSA_2048_BIT` *Required*: No *Type*: String *Pattern*: `RSA_1024_BIT|RSA_2048_BIT` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::SES::EmailIdentity FeedbackAttributes Used to enable or disable feedback forwarding for an identity. This setting determines what happens when an identity is used to send an email that results in a bounce or complaint event. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[EmailForwardingEnabled](#cfn-ses-emailidentity-feedbackattributes-emailforwardingenabled)" : Boolean } ``` ### YAML ``` [EmailForwardingEnabled](#cfn-ses-emailidentity-feedbackattributes-emailforwardingenabled): Boolean ``` ## Properties `EmailForwardingEnabled` Sets the feedback forwarding configuration for the identity. If the value is `true`, you receive email notifications when bounce or complaint events occur. These notifications are sent to the address that you specified in the `Return-Path` header of the original email. You're required to have a method of tracking bounces and complaints. If you haven't set up another mechanism for receiving bounce or complaint notifications (for example, by setting up an event destination), you receive an email notification when these events occur (even if this setting is disabled). *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::SES::EmailIdentity MailFromAttributes Used to enable or disable the custom Mail-From domain configuration for an email identity. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[BehaviorOnMxFailure](#cfn-ses-emailidentity-mailfromattributes-behavioronmxfailure)" : String, "[MailFromDomain](#cfn-ses-emailidentity-mailfromattributes-mailfromdomain)" : String } ``` ### YAML ``` [BehaviorOnMxFailure](#cfn-ses-emailidentity-mailfromattributes-behavioronmxfailure): String [MailFromDomain](#cfn-ses-emailidentity-mailfromattributes-mailfromdomain): String ``` ## Properties `BehaviorOnMxFailure` The action to take if the required MX record isn't found when you send an email. When you set this value to `USE_DEFAULT_VALUE`, the mail is sent using *amazonses.com* as the MAIL FROM domain. When you set this value to `REJECT_MESSAGE`, the Amazon SES API v2 returns a `MailFromDomainNotVerified` error, and doesn't attempt to deliver the email. These behaviors are taken when the custom MAIL FROM domain configuration is in the `Pending`, `Failed`, and `TemporaryFailure` states. Valid Values: `USE_DEFAULT_VALUE | REJECT_MESSAGE` *Required*: No *Type*: String *Pattern*: `USE_DEFAULT_VALUE|REJECT_MESSAGE` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MailFromDomain` The custom MAIL FROM domain that you want the verified identity to use. The MAIL FROM domain must meet the following criteria: + It has to be a subdomain of the verified identity. + It can't be used to receive email. + It can't be used in a "From" address if the MAIL FROM domain is a destination for feedback forwarding emails. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::SES::EmailIdentity Tag A key-value pair (the value is optional), that you can define and assign to AWS resources. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-ses-emailidentity-tag-key)" : String, "[Value](#cfn-ses-emailidentity-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-ses-emailidentity-tag-key): String [Value](#cfn-ses-emailidentity-tag-value): String ``` ## Properties `Key` The key of the key-value tag. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value of the key-value tag. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)