Setting up a connection with the AWS SES SMTP Endpoint

The setup-AWS-SES Jenkins job performs all the steps required for a Self Managed Commerce environment to connect to Amazon’s Simple Email Service (SES) SMTP endpoint. This job allows deployments of Self Managed Commerce to send emails through the SES SMTP interface.

note

The credentials created by this job are used to send email through the Amazon SES SMTP interface and are unique to each AWS region. If you use the Amazon SES SMTP interface to send email in more than one Region, you have to generate a set of SMTP credentials for each Region.

Parameters for the setup-AWS-SES Jenkins Job

plan_mode

When selected, this runs Terraform in plan mode and prompts you to approve changes before you continue. This works in both the setup and destroy modes.

destroy_mode

When checked, this destroys the AWS SES terraform resources instead of creating them.

TF_VAR_awsRegion

The AWS region of your Self Managed Commerce deployment. For more information on which AWS regions have SMTP endpoints, see Service endpoints documentation.

TF_VAR_dnsZoneName

The domain name to be verified. This verifies all email addresses from that domain. For example, if you verify the domain ep.mycompany.com, you can send emails from user1@ep.mycompany.com, user2@ep.mycompany.com, or any other user at ep.mycompany.com.

TF_VAR_hostedZoneID

The hosted zone id of the domain name to be verified.

TF_VAR_updateAWSRecordSets

Updates AWS Route53 with the record sets generated for DKIM and domain verification.

TF_VAR_kubernetes_nickname

The nickname for this group of resources. The nickname corresponds to the namespace that your resources are deployed in.

clusterName

The name of the Kubernetes cluster to setup AWS SES for.

cloudOpsForKubernetesRepoURL

The Git repository URL of the cloudops-for-kubernetes code.

cloudOpsForKubernetesBranch

The branch of cloudops-for-kubernetes to use.

After Setting Up AWS SES

Ensure that email addresses in the Self Managed Commerce database are within the domain used in TF_VAR_dnsZoneName before you send emails with Amazon SES. In the sandbox mode, emails only can be sent to the email addresses and domain that Amazon SES has verified.

• For more information about how to verify email addresses, see the AWS documentation on Verifying Identities in Amazon SES.

If the setup-AWS-SES Jenkins job was run without enabling TF_VAR_updateAWSRecordSets, update your domain’s DNS server with the domain verification token and the DKIM verification tokens.

1. Verifying the Domain

   The domain verification token is found in the ses-verification-TXT-record Terraform output of the job. For more information on how to create a TXT record for this token, see Amazon SES domain verification TXT records.

2. Setting up DKIM

   The DKIM verification tokens are found in the ses-dkim-tokens Terraform output of the job. For more information about how to create CNAME records for these tokens, see Authenticating Email with DKIM in Amazon SES.

   note

   It can take up to 72 hours for Amazon SES to verify that these record sets have been added.

Email Reputation Management

The job that you just ran set up your AWS account with Amazon SES. For more information about how to complete the setup of email reputation management, see Monitoring Your Amazon SES Sender Reputation.

For more information on handling bounce and complaint messages, see Handling Bounces and Complaints.

Requesting Production Access

New Amazon SES accounts are created in sandbox mode. For more information about how to transition out of the sandbox, see Moving Out of the Amazon SES Sandbox in the AWS documentation.

Deploying an Environment with Amazon SES

The setup-AWS-SES job only needs to be run once in CloudOps for Kubernetes. The job creates a Kubernetes secret ep-${kubernetes_nickname}-smtp-secret containing the SMTP credentials.

If the kubernetes_nickname parameter is the same in the deploy-or-delete-commerce-stack Jenkins job and the setup-AWS-SES job.

• Run the deployment job with the includeAWSSES parameter selected.

If the kubernetes_nickname parameter is different.

• Run the deployment job with the parameters: smtpHost, smtpPort, smtpScheme, smtpUser, and smtpPass set.

note

Ensure that you configure your database to use email addresses in the domain you are verified for on AWS SES.