CloudFormation provides several built-in Amazon SES resource types, but as of 2020 is still missing the ones many people need: domain and email verification.
Fortunately, CloudFormation has the ability to define your own custom resource types. I've built Custom::SES_Domain
and Custom::SES_EmailIdentity
resources that are designed to play well with other CloudFormation resources. Get them here: https://github.com/medmunds/aws-cfn-ses-domain.
Once you've pulled the custom CfnSESResources
into your template, you can verify an SES domain like this:
Resources:
# Provision a domain with Amazon SES:
MySESDomain:
Type: Custom::SES_Domain
Properties:
ServiceToken: !GetAtt CfnSESResources.Outputs.CustomDomainIdentityArn
Domain: "example.com"
EnableSend: true
EnableReceive: false
# Then add all required DNS records for SES verification and usage:
MyRoute53RecordsForSES:
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneName: "example.com."
RecordSets: !GetAtt MySESDomain.Route53RecordSets
Full instructions are in the repository. Custom::SES_Domain
has properties for controlling several common SES domain options, and exposes attributes that feed into your CloudFormation DNS resources: either a standard AWS::Route53::RecordSetGroup
resource as shown above, or other (external) DNS providers via zone file entries.