Amazon Simple Email Service

2024/08/21 - Amazon Simple Email Service - 5 updated api methods

Changes  Enable email receiving customers to provide SES with access to their S3 buckets via an IAM role for "Deliver to S3 Action"

CreateReceiptRule (updated) Link ¶
Changes (request)
{'Rule': {'Actions': {'S3Action': {'IamRoleArn': 'string'}}}}

Creates a receipt rule.

For information about setting up receipt rules, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

See also: AWS API Documentation

Request Syntax

client.create_receipt_rule(
    RuleSetName='string',
    After='string',
    Rule={
        'Name': 'string',
        'Enabled': True|False,
        'TlsPolicy': 'Require'|'Optional',
        'Recipients': [
            'string',
        ],
        'Actions': [
            {
                'S3Action': {
                    'TopicArn': 'string',
                    'BucketName': 'string',
                    'ObjectKeyPrefix': 'string',
                    'KmsKeyArn': 'string',
                    'IamRoleArn': 'string'
                },
                'BounceAction': {
                    'TopicArn': 'string',
                    'SmtpReplyCode': 'string',
                    'StatusCode': 'string',
                    'Message': 'string',
                    'Sender': 'string'
                },
                'WorkmailAction': {
                    'TopicArn': 'string',
                    'OrganizationArn': 'string'
                },
                'LambdaAction': {
                    'TopicArn': 'string',
                    'FunctionArn': 'string',
                    'InvocationType': 'Event'|'RequestResponse'
                },
                'StopAction': {
                    'Scope': 'RuleSet',
                    'TopicArn': 'string'
                },
                'AddHeaderAction': {
                    'HeaderName': 'string',
                    'HeaderValue': 'string'
                },
                'SNSAction': {
                    'TopicArn': 'string',
                    'Encoding': 'UTF-8'|'Base64'
                }
            },
        ],
        'ScanEnabled': True|False
    }
)
type RuleSetName

string

param RuleSetName

[REQUIRED]

The name of the rule set where the receipt rule is added.

type After

string

param After

The name of an existing rule after which the new rule is placed. If this parameter is null, the new rule is inserted at the beginning of the rule list.

type Rule

dict

param Rule

[REQUIRED]

A data structure that contains the specified rule's name, actions, recipients, domains, enabled status, scan status, and TLS policy.

  • Name (string) -- [REQUIRED]

    The name of the receipt rule. The name must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), or periods (.).

    • Start and end with a letter or number.

    • Contain 64 characters or fewer.

  • Enabled (boolean) --

    If true , the receipt rule is active. The default value is false .

  • TlsPolicy (string) --

    Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS). If this parameter is set to Require , Amazon SES bounces emails that are not received over TLS. The default is Optional .

  • Recipients (list) --

    The recipient domains and email addresses that the receipt rule applies to. If this field is not specified, this rule matches all recipients on all verified domains.

    • (string) --

  • Actions (list) --

    An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.

    • (dict) --

      An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.

      For information about setting up receipt rules, see the Amazon SES Developer Guide.

      • S3Action (dict) --

        Saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon SNS.

        • TopicArn (string) --

          The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • BucketName (string) -- [REQUIRED]

          The name of the Amazon S3 bucket for incoming email.

        • ObjectKeyPrefix (string) --

          The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.

        • KmsKeyArn (string) --

          The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:

          • To use the default managed key, provide an ARN in the form of arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.

          • To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the Amazon SES Developer Guide.

          For more information about key policies, see the Amazon Web Services KMS Developer Guide. If you do not specify a managed key, Amazon SES does not encrypt your emails.

          Warning

          Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the Amazon Web Services SDK for Java and Amazon Web Services SDK for Ruby only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the Amazon S3 Developer Guide.

        • IamRoleArn (string) --

          The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs:

          • s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 bucket.

          • kms:GenerateDataKey for the given Amazon Web Services KMS customer managed key.

          • sns:Publish for the given Amazon SNS topic.

          Note

          If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.

      • BounceAction (dict) --

        Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • SmtpReplyCode (string) -- [REQUIRED]

          The SMTP reply code, as defined by RFC 5321.

        • StatusCode (string) --

          The SMTP enhanced status code, as defined by RFC 3463.

        • Message (string) -- [REQUIRED]

          Human-readable text to include in the bounce message.

        • Sender (string) -- [REQUIRED]

          The email address of the sender of the bounced email. This is the address from which the bounce message is sent.

      • WorkmailAction (dict) --

        Calls Amazon WorkMail and, optionally, publishes a notification to Amazon Amazon SNS.

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • OrganizationArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:

          arn:aws:workmail:<region>:<awsAccountId>:organization/<workmailOrganizationId>

          You can find the ID of your organization by using the ListOrganizations operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with " m- ", followed by a string of alphanumeric characters.

          For information about Amazon WorkMail organizations, see the Amazon WorkMail Administrator Guide.

      • LambdaAction (dict) --

        Calls an Amazon Web Services Lambda function, and optionally, publishes a notification to Amazon SNS.

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is executed. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • FunctionArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function. An example of an Amazon Web Services Lambda function ARN is arn:aws:lambda:us-west-2:account-id:function:MyFunction . For more information about Amazon Web Services Lambda, see the Amazon Web Services Lambda Developer Guide.

        • InvocationType (string) --

          The invocation type of the Amazon Web Services Lambda function. An invocation type of RequestResponse means that the execution of the function immediately results in a response, and a value of Event means that the function is invoked asynchronously. The default value is Event . For information about Amazon Web Services Lambda invocation types, see the Amazon Web Services Lambda Developer Guide.

          Warning

          There is a 30-second timeout on RequestResponse invocations. You should use Event invocation in most cases. Use RequestResponse only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.

      • StopAction (dict) --

        Terminates the evaluation of the receipt rule set and optionally publishes a notification to Amazon SNS.

        • Scope (string) -- [REQUIRED]

          The scope of the StopAction. The only acceptable value is RuleSet .

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the ListTopics Amazon SNS operation.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

      • AddHeaderAction (dict) --

        Adds a header to the received email.

        • HeaderName (string) -- [REQUIRED]

          The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a–z, A–Z, 0–9) characters and dashes.

        • HeaderValue (string) -- [REQUIRED]

          The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( \n ) or carriage return ( \r ) characters.

      • SNSAction (dict) --

        Publishes the email content within a notification to Amazon SNS.

        • TopicArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • Encoding (string) --

          The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. Base64 preserves all special characters. The default value is UTF-8.

  • ScanEnabled (boolean) --

    If true , then messages that this receipt rule applies to are scanned for spam and viruses. The default value is false .

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

    An empty element returned on a successful request.

DescribeActiveReceiptRuleSet (updated) Link ¶
Changes (response)
{'Rules': {'Actions': {'S3Action': {'IamRoleArn': 'string'}}}}

Returns the metadata and receipt rules for the receipt rule set that is currently active.

For information about setting up receipt rule sets, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

See also: AWS API Documentation

Request Syntax

client.describe_active_receipt_rule_set()
rtype

dict

returns

Response Syntax

{
    'Metadata': {
        'Name': 'string',
        'CreatedTimestamp': datetime(2015, 1, 1)
    },
    'Rules': [
        {
            'Name': 'string',
            'Enabled': True|False,
            'TlsPolicy': 'Require'|'Optional',
            'Recipients': [
                'string',
            ],
            'Actions': [
                {
                    'S3Action': {
                        'TopicArn': 'string',
                        'BucketName': 'string',
                        'ObjectKeyPrefix': 'string',
                        'KmsKeyArn': 'string',
                        'IamRoleArn': 'string'
                    },
                    'BounceAction': {
                        'TopicArn': 'string',
                        'SmtpReplyCode': 'string',
                        'StatusCode': 'string',
                        'Message': 'string',
                        'Sender': 'string'
                    },
                    'WorkmailAction': {
                        'TopicArn': 'string',
                        'OrganizationArn': 'string'
                    },
                    'LambdaAction': {
                        'TopicArn': 'string',
                        'FunctionArn': 'string',
                        'InvocationType': 'Event'|'RequestResponse'
                    },
                    'StopAction': {
                        'Scope': 'RuleSet',
                        'TopicArn': 'string'
                    },
                    'AddHeaderAction': {
                        'HeaderName': 'string',
                        'HeaderValue': 'string'
                    },
                    'SNSAction': {
                        'TopicArn': 'string',
                        'Encoding': 'UTF-8'|'Base64'
                    }
                },
            ],
            'ScanEnabled': True|False
        },
    ]
}

Response Structure

  • (dict) --

    Represents the metadata and receipt rules for the receipt rule set that is currently active.

    • Metadata (dict) --

      The metadata for the currently active receipt rule set. The metadata consists of the rule set name and a timestamp of when the rule set was created.

      • Name (string) --

        The name of the receipt rule set. The name must meet the following requirements:

        • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-).

        • Start and end with a letter or number.

        • Contain 64 characters or fewer.

      • CreatedTimestamp (datetime) --

        The date and time the receipt rule set was created.

    • Rules (list) --

      The receipt rules that belong to the active rule set.

      • (dict) --

        Receipt rules enable you to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own.

        Each receipt rule defines a set of email addresses or domains that it applies to. If the email addresses or domains match at least one recipient address of the message, Amazon SES executes all of the receipt rule's actions on the message.

        For information about setting up receipt rules, see the Amazon SES Developer Guide.

        • Name (string) --

          The name of the receipt rule. The name must meet the following requirements:

          • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), or periods (.).

          • Start and end with a letter or number.

          • Contain 64 characters or fewer.

        • Enabled (boolean) --

          If true , the receipt rule is active. The default value is false .

        • TlsPolicy (string) --

          Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS). If this parameter is set to Require , Amazon SES bounces emails that are not received over TLS. The default is Optional .

        • Recipients (list) --

          The recipient domains and email addresses that the receipt rule applies to. If this field is not specified, this rule matches all recipients on all verified domains.

          • (string) --

        • Actions (list) --

          An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.

          • (dict) --

            An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.

            For information about setting up receipt rules, see the Amazon SES Developer Guide.

            • S3Action (dict) --

              Saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon SNS.

              • TopicArn (string) --

                The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • BucketName (string) --

                The name of the Amazon S3 bucket for incoming email.

              • ObjectKeyPrefix (string) --

                The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.

              • KmsKeyArn (string) --

                The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:

                • To use the default managed key, provide an ARN in the form of arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.

                • To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the Amazon SES Developer Guide.

                For more information about key policies, see the Amazon Web Services KMS Developer Guide. If you do not specify a managed key, Amazon SES does not encrypt your emails.

                Warning

                Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the Amazon Web Services SDK for Java and Amazon Web Services SDK for Ruby only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the Amazon S3 Developer Guide.

              • IamRoleArn (string) --

                The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs:

                • s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 bucket.

                • kms:GenerateDataKey for the given Amazon Web Services KMS customer managed key.

                • sns:Publish for the given Amazon SNS topic.

                Note

                If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.

            • BounceAction (dict) --

              Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • SmtpReplyCode (string) --

                The SMTP reply code, as defined by RFC 5321.

              • StatusCode (string) --

                The SMTP enhanced status code, as defined by RFC 3463.

              • Message (string) --

                Human-readable text to include in the bounce message.

              • Sender (string) --

                The email address of the sender of the bounced email. This is the address from which the bounce message is sent.

            • WorkmailAction (dict) --

              Calls Amazon WorkMail and, optionally, publishes a notification to Amazon Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • OrganizationArn (string) --

                The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:

                arn:aws:workmail:<region>:<awsAccountId>:organization/<workmailOrganizationId>

                You can find the ID of your organization by using the ListOrganizations operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with " m- ", followed by a string of alphanumeric characters.

                For information about Amazon WorkMail organizations, see the Amazon WorkMail Administrator Guide.

            • LambdaAction (dict) --

              Calls an Amazon Web Services Lambda function, and optionally, publishes a notification to Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is executed. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • FunctionArn (string) --

                The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function. An example of an Amazon Web Services Lambda function ARN is arn:aws:lambda:us-west-2:account-id:function:MyFunction . For more information about Amazon Web Services Lambda, see the Amazon Web Services Lambda Developer Guide.

              • InvocationType (string) --

                The invocation type of the Amazon Web Services Lambda function. An invocation type of RequestResponse means that the execution of the function immediately results in a response, and a value of Event means that the function is invoked asynchronously. The default value is Event . For information about Amazon Web Services Lambda invocation types, see the Amazon Web Services Lambda Developer Guide.

                Warning

                There is a 30-second timeout on RequestResponse invocations. You should use Event invocation in most cases. Use RequestResponse only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.

            • StopAction (dict) --

              Terminates the evaluation of the receipt rule set and optionally publishes a notification to Amazon SNS.

              • Scope (string) --

                The scope of the StopAction. The only acceptable value is RuleSet .

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the ListTopics Amazon SNS operation.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • AddHeaderAction (dict) --

              Adds a header to the received email.

              • HeaderName (string) --

                The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a–z, A–Z, 0–9) characters and dashes.

              • HeaderValue (string) --

                The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( \n ) or carriage return ( \r ) characters.

            • SNSAction (dict) --

              Publishes the email content within a notification to Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • Encoding (string) --

                The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. Base64 preserves all special characters. The default value is UTF-8.

        • ScanEnabled (boolean) --

          If true , then messages that this receipt rule applies to are scanned for spam and viruses. The default value is false .

DescribeReceiptRule (updated) Link ¶
Changes (response)
{'Rule': {'Actions': {'S3Action': {'IamRoleArn': 'string'}}}}

Returns the details of the specified receipt rule.

For information about setting up receipt rules, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

See also: AWS API Documentation

Request Syntax

client.describe_receipt_rule(
    RuleSetName='string',
    RuleName='string'
)
type RuleSetName

string

param RuleSetName

[REQUIRED]

The name of the receipt rule set that the receipt rule belongs to.

type RuleName

string

param RuleName

[REQUIRED]

The name of the receipt rule.

rtype

dict

returns

Response Syntax

{
    'Rule': {
        'Name': 'string',
        'Enabled': True|False,
        'TlsPolicy': 'Require'|'Optional',
        'Recipients': [
            'string',
        ],
        'Actions': [
            {
                'S3Action': {
                    'TopicArn': 'string',
                    'BucketName': 'string',
                    'ObjectKeyPrefix': 'string',
                    'KmsKeyArn': 'string',
                    'IamRoleArn': 'string'
                },
                'BounceAction': {
                    'TopicArn': 'string',
                    'SmtpReplyCode': 'string',
                    'StatusCode': 'string',
                    'Message': 'string',
                    'Sender': 'string'
                },
                'WorkmailAction': {
                    'TopicArn': 'string',
                    'OrganizationArn': 'string'
                },
                'LambdaAction': {
                    'TopicArn': 'string',
                    'FunctionArn': 'string',
                    'InvocationType': 'Event'|'RequestResponse'
                },
                'StopAction': {
                    'Scope': 'RuleSet',
                    'TopicArn': 'string'
                },
                'AddHeaderAction': {
                    'HeaderName': 'string',
                    'HeaderValue': 'string'
                },
                'SNSAction': {
                    'TopicArn': 'string',
                    'Encoding': 'UTF-8'|'Base64'
                }
            },
        ],
        'ScanEnabled': True|False
    }
}

Response Structure

  • (dict) --

    Represents the details of a receipt rule.

    • Rule (dict) --

      A data structure that contains the specified receipt rule's name, actions, recipients, domains, enabled status, scan status, and Transport Layer Security (TLS) policy.

      • Name (string) --

        The name of the receipt rule. The name must meet the following requirements:

        • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), or periods (.).

        • Start and end with a letter or number.

        • Contain 64 characters or fewer.

      • Enabled (boolean) --

        If true , the receipt rule is active. The default value is false .

      • TlsPolicy (string) --

        Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS). If this parameter is set to Require , Amazon SES bounces emails that are not received over TLS. The default is Optional .

      • Recipients (list) --

        The recipient domains and email addresses that the receipt rule applies to. If this field is not specified, this rule matches all recipients on all verified domains.

        • (string) --

      • Actions (list) --

        An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.

        • (dict) --

          An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.

          For information about setting up receipt rules, see the Amazon SES Developer Guide.

          • S3Action (dict) --

            Saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon SNS.

            • TopicArn (string) --

              The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • BucketName (string) --

              The name of the Amazon S3 bucket for incoming email.

            • ObjectKeyPrefix (string) --

              The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.

            • KmsKeyArn (string) --

              The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:

              • To use the default managed key, provide an ARN in the form of arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.

              • To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the Amazon SES Developer Guide.

              For more information about key policies, see the Amazon Web Services KMS Developer Guide. If you do not specify a managed key, Amazon SES does not encrypt your emails.

              Warning

              Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the Amazon Web Services SDK for Java and Amazon Web Services SDK for Ruby only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the Amazon S3 Developer Guide.

            • IamRoleArn (string) --

              The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs:

              • s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 bucket.

              • kms:GenerateDataKey for the given Amazon Web Services KMS customer managed key.

              • sns:Publish for the given Amazon SNS topic.

              Note

              If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.

          • BounceAction (dict) --

            Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).

            • TopicArn (string) --

              The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • SmtpReplyCode (string) --

              The SMTP reply code, as defined by RFC 5321.

            • StatusCode (string) --

              The SMTP enhanced status code, as defined by RFC 3463.

            • Message (string) --

              Human-readable text to include in the bounce message.

            • Sender (string) --

              The email address of the sender of the bounced email. This is the address from which the bounce message is sent.

          • WorkmailAction (dict) --

            Calls Amazon WorkMail and, optionally, publishes a notification to Amazon Amazon SNS.

            • TopicArn (string) --

              The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • OrganizationArn (string) --

              The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:

              arn:aws:workmail:<region>:<awsAccountId>:organization/<workmailOrganizationId>

              You can find the ID of your organization by using the ListOrganizations operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with " m- ", followed by a string of alphanumeric characters.

              For information about Amazon WorkMail organizations, see the Amazon WorkMail Administrator Guide.

          • LambdaAction (dict) --

            Calls an Amazon Web Services Lambda function, and optionally, publishes a notification to Amazon SNS.

            • TopicArn (string) --

              The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is executed. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • FunctionArn (string) --

              The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function. An example of an Amazon Web Services Lambda function ARN is arn:aws:lambda:us-west-2:account-id:function:MyFunction . For more information about Amazon Web Services Lambda, see the Amazon Web Services Lambda Developer Guide.

            • InvocationType (string) --

              The invocation type of the Amazon Web Services Lambda function. An invocation type of RequestResponse means that the execution of the function immediately results in a response, and a value of Event means that the function is invoked asynchronously. The default value is Event . For information about Amazon Web Services Lambda invocation types, see the Amazon Web Services Lambda Developer Guide.

              Warning

              There is a 30-second timeout on RequestResponse invocations. You should use Event invocation in most cases. Use RequestResponse only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.

          • StopAction (dict) --

            Terminates the evaluation of the receipt rule set and optionally publishes a notification to Amazon SNS.

            • Scope (string) --

              The scope of the StopAction. The only acceptable value is RuleSet .

            • TopicArn (string) --

              The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the ListTopics Amazon SNS operation.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

          • AddHeaderAction (dict) --

            Adds a header to the received email.

            • HeaderName (string) --

              The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a–z, A–Z, 0–9) characters and dashes.

            • HeaderValue (string) --

              The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( \n ) or carriage return ( \r ) characters.

          • SNSAction (dict) --

            Publishes the email content within a notification to Amazon SNS.

            • TopicArn (string) --

              The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

              For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • Encoding (string) --

              The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. Base64 preserves all special characters. The default value is UTF-8.

      • ScanEnabled (boolean) --

        If true , then messages that this receipt rule applies to are scanned for spam and viruses. The default value is false .

DescribeReceiptRuleSet (updated) Link ¶
Changes (response)
{'Rules': {'Actions': {'S3Action': {'IamRoleArn': 'string'}}}}

Returns the details of the specified receipt rule set.

For information about managing receipt rule sets, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

See also: AWS API Documentation

Request Syntax

client.describe_receipt_rule_set(
    RuleSetName='string'
)
type RuleSetName

string

param RuleSetName

[REQUIRED]

The name of the receipt rule set to describe.

rtype

dict

returns

Response Syntax

{
    'Metadata': {
        'Name': 'string',
        'CreatedTimestamp': datetime(2015, 1, 1)
    },
    'Rules': [
        {
            'Name': 'string',
            'Enabled': True|False,
            'TlsPolicy': 'Require'|'Optional',
            'Recipients': [
                'string',
            ],
            'Actions': [
                {
                    'S3Action': {
                        'TopicArn': 'string',
                        'BucketName': 'string',
                        'ObjectKeyPrefix': 'string',
                        'KmsKeyArn': 'string',
                        'IamRoleArn': 'string'
                    },
                    'BounceAction': {
                        'TopicArn': 'string',
                        'SmtpReplyCode': 'string',
                        'StatusCode': 'string',
                        'Message': 'string',
                        'Sender': 'string'
                    },
                    'WorkmailAction': {
                        'TopicArn': 'string',
                        'OrganizationArn': 'string'
                    },
                    'LambdaAction': {
                        'TopicArn': 'string',
                        'FunctionArn': 'string',
                        'InvocationType': 'Event'|'RequestResponse'
                    },
                    'StopAction': {
                        'Scope': 'RuleSet',
                        'TopicArn': 'string'
                    },
                    'AddHeaderAction': {
                        'HeaderName': 'string',
                        'HeaderValue': 'string'
                    },
                    'SNSAction': {
                        'TopicArn': 'string',
                        'Encoding': 'UTF-8'|'Base64'
                    }
                },
            ],
            'ScanEnabled': True|False
        },
    ]
}

Response Structure

  • (dict) --

    Represents the details of the specified receipt rule set.

    • Metadata (dict) --

      The metadata for the receipt rule set, which consists of the rule set name and the timestamp of when the rule set was created.

      • Name (string) --

        The name of the receipt rule set. The name must meet the following requirements:

        • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-).

        • Start and end with a letter or number.

        • Contain 64 characters or fewer.

      • CreatedTimestamp (datetime) --

        The date and time the receipt rule set was created.

    • Rules (list) --

      A list of the receipt rules that belong to the specified receipt rule set.

      • (dict) --

        Receipt rules enable you to specify which actions Amazon SES should take when it receives mail on behalf of one or more email addresses or domains that you own.

        Each receipt rule defines a set of email addresses or domains that it applies to. If the email addresses or domains match at least one recipient address of the message, Amazon SES executes all of the receipt rule's actions on the message.

        For information about setting up receipt rules, see the Amazon SES Developer Guide.

        • Name (string) --

          The name of the receipt rule. The name must meet the following requirements:

          • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), or periods (.).

          • Start and end with a letter or number.

          • Contain 64 characters or fewer.

        • Enabled (boolean) --

          If true , the receipt rule is active. The default value is false .

        • TlsPolicy (string) --

          Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS). If this parameter is set to Require , Amazon SES bounces emails that are not received over TLS. The default is Optional .

        • Recipients (list) --

          The recipient domains and email addresses that the receipt rule applies to. If this field is not specified, this rule matches all recipients on all verified domains.

          • (string) --

        • Actions (list) --

          An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.

          • (dict) --

            An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.

            For information about setting up receipt rules, see the Amazon SES Developer Guide.

            • S3Action (dict) --

              Saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon SNS.

              • TopicArn (string) --

                The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • BucketName (string) --

                The name of the Amazon S3 bucket for incoming email.

              • ObjectKeyPrefix (string) --

                The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.

              • KmsKeyArn (string) --

                The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:

                • To use the default managed key, provide an ARN in the form of arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.

                • To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the Amazon SES Developer Guide.

                For more information about key policies, see the Amazon Web Services KMS Developer Guide. If you do not specify a managed key, Amazon SES does not encrypt your emails.

                Warning

                Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the Amazon Web Services SDK for Java and Amazon Web Services SDK for Ruby only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the Amazon S3 Developer Guide.

              • IamRoleArn (string) --

                The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs:

                • s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 bucket.

                • kms:GenerateDataKey for the given Amazon Web Services KMS customer managed key.

                • sns:Publish for the given Amazon SNS topic.

                Note

                If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.

            • BounceAction (dict) --

              Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • SmtpReplyCode (string) --

                The SMTP reply code, as defined by RFC 5321.

              • StatusCode (string) --

                The SMTP enhanced status code, as defined by RFC 3463.

              • Message (string) --

                Human-readable text to include in the bounce message.

              • Sender (string) --

                The email address of the sender of the bounced email. This is the address from which the bounce message is sent.

            • WorkmailAction (dict) --

              Calls Amazon WorkMail and, optionally, publishes a notification to Amazon Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • OrganizationArn (string) --

                The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:

                arn:aws:workmail:<region>:<awsAccountId>:organization/<workmailOrganizationId>

                You can find the ID of your organization by using the ListOrganizations operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with " m- ", followed by a string of alphanumeric characters.

                For information about Amazon WorkMail organizations, see the Amazon WorkMail Administrator Guide.

            • LambdaAction (dict) --

              Calls an Amazon Web Services Lambda function, and optionally, publishes a notification to Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is executed. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • FunctionArn (string) --

                The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function. An example of an Amazon Web Services Lambda function ARN is arn:aws:lambda:us-west-2:account-id:function:MyFunction . For more information about Amazon Web Services Lambda, see the Amazon Web Services Lambda Developer Guide.

              • InvocationType (string) --

                The invocation type of the Amazon Web Services Lambda function. An invocation type of RequestResponse means that the execution of the function immediately results in a response, and a value of Event means that the function is invoked asynchronously. The default value is Event . For information about Amazon Web Services Lambda invocation types, see the Amazon Web Services Lambda Developer Guide.

                Warning

                There is a 30-second timeout on RequestResponse invocations. You should use Event invocation in most cases. Use RequestResponse only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.

            • StopAction (dict) --

              Terminates the evaluation of the receipt rule set and optionally publishes a notification to Amazon SNS.

              • Scope (string) --

                The scope of the StopAction. The only acceptable value is RuleSet .

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the ListTopics Amazon SNS operation.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

            • AddHeaderAction (dict) --

              Adds a header to the received email.

              • HeaderName (string) --

                The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a–z, A–Z, 0–9) characters and dashes.

              • HeaderValue (string) --

                The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( \n ) or carriage return ( \r ) characters.

            • SNSAction (dict) --

              Publishes the email content within a notification to Amazon SNS.

              • TopicArn (string) --

                The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

                For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

              • Encoding (string) --

                The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. Base64 preserves all special characters. The default value is UTF-8.

        • ScanEnabled (boolean) --

          If true , then messages that this receipt rule applies to are scanned for spam and viruses. The default value is false .

UpdateReceiptRule (updated) Link ¶
Changes (request)
{'Rule': {'Actions': {'S3Action': {'IamRoleArn': 'string'}}}}

Updates a receipt rule.

For information about managing receipt rules, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

See also: AWS API Documentation

Request Syntax

client.update_receipt_rule(
    RuleSetName='string',
    Rule={
        'Name': 'string',
        'Enabled': True|False,
        'TlsPolicy': 'Require'|'Optional',
        'Recipients': [
            'string',
        ],
        'Actions': [
            {
                'S3Action': {
                    'TopicArn': 'string',
                    'BucketName': 'string',
                    'ObjectKeyPrefix': 'string',
                    'KmsKeyArn': 'string',
                    'IamRoleArn': 'string'
                },
                'BounceAction': {
                    'TopicArn': 'string',
                    'SmtpReplyCode': 'string',
                    'StatusCode': 'string',
                    'Message': 'string',
                    'Sender': 'string'
                },
                'WorkmailAction': {
                    'TopicArn': 'string',
                    'OrganizationArn': 'string'
                },
                'LambdaAction': {
                    'TopicArn': 'string',
                    'FunctionArn': 'string',
                    'InvocationType': 'Event'|'RequestResponse'
                },
                'StopAction': {
                    'Scope': 'RuleSet',
                    'TopicArn': 'string'
                },
                'AddHeaderAction': {
                    'HeaderName': 'string',
                    'HeaderValue': 'string'
                },
                'SNSAction': {
                    'TopicArn': 'string',
                    'Encoding': 'UTF-8'|'Base64'
                }
            },
        ],
        'ScanEnabled': True|False
    }
)
type RuleSetName

string

param RuleSetName

[REQUIRED]

The name of the receipt rule set that the receipt rule belongs to.

type Rule

dict

param Rule

[REQUIRED]

A data structure that contains the updated receipt rule information.

  • Name (string) -- [REQUIRED]

    The name of the receipt rule. The name must meet the following requirements:

    • Contain only ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), dashes (-), or periods (.).

    • Start and end with a letter or number.

    • Contain 64 characters or fewer.

  • Enabled (boolean) --

    If true , the receipt rule is active. The default value is false .

  • TlsPolicy (string) --

    Specifies whether Amazon SES should require that incoming email is delivered over a connection encrypted with Transport Layer Security (TLS). If this parameter is set to Require , Amazon SES bounces emails that are not received over TLS. The default is Optional .

  • Recipients (list) --

    The recipient domains and email addresses that the receipt rule applies to. If this field is not specified, this rule matches all recipients on all verified domains.

    • (string) --

  • Actions (list) --

    An ordered list of actions to perform on messages that match at least one of the recipient email addresses or domains specified in the receipt rule.

    • (dict) --

      An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.

      For information about setting up receipt rules, see the Amazon SES Developer Guide.

      • S3Action (dict) --

        Saves the received message to an Amazon Simple Storage Service (Amazon S3) bucket and, optionally, publishes a notification to Amazon SNS.

        • TopicArn (string) --

          The ARN of the Amazon SNS topic to notify when the message is saved to the Amazon S3 bucket. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • BucketName (string) -- [REQUIRED]

          The name of the Amazon S3 bucket for incoming email.

        • ObjectKeyPrefix (string) --

          The key prefix of the Amazon S3 bucket. The key prefix is similar to a directory name that enables you to store similar data under the same directory in a bucket.

        • KmsKeyArn (string) --

          The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:

          • To use the default managed key, provide an ARN in the form of arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses . For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be arn:aws:kms:us-west-2:123456789012:alias/aws/ses . If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.

          • To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the Amazon SES Developer Guide.

          For more information about key policies, see the Amazon Web Services KMS Developer Guide. If you do not specify a managed key, Amazon SES does not encrypt your emails.

          Warning

          Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the Amazon Web Services SDK for Java and Amazon Web Services SDK for Ruby only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the Amazon S3 Developer Guide.

        • IamRoleArn (string) --

          The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket, optionally encrypting your mail via the provided customer managed key, and publishing to the Amazon SNS topic. This role should have access to the following APIs:

          • s3:PutObject , kms:Encrypt and kms:GenerateDataKey for the given Amazon S3 bucket.

          • kms:GenerateDataKey for the given Amazon Web Services KMS customer managed key.

          • sns:Publish for the given Amazon SNS topic.

          Note

          If an IAM role ARN is provided, the role (and only the role) is used to access all the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic). Therefore, setting up individual resource access permissions is not required.

      • BounceAction (dict) --

        Rejects the received email by returning a bounce response to the sender and, optionally, publishes a notification to Amazon Simple Notification Service (Amazon SNS).

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the bounce action is taken. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • SmtpReplyCode (string) -- [REQUIRED]

          The SMTP reply code, as defined by RFC 5321.

        • StatusCode (string) --

          The SMTP enhanced status code, as defined by RFC 3463.

        • Message (string) -- [REQUIRED]

          Human-readable text to include in the bounce message.

        • Sender (string) -- [REQUIRED]

          The email address of the sender of the bounced email. This is the address from which the bounce message is sent.

      • WorkmailAction (dict) --

        Calls Amazon WorkMail and, optionally, publishes a notification to Amazon Amazon SNS.

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the WorkMail action is called. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • OrganizationArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon WorkMail organization. Amazon WorkMail ARNs use the following format:

          arn:aws:workmail:<region>:<awsAccountId>:organization/<workmailOrganizationId>

          You can find the ID of your organization by using the ListOrganizations operation in Amazon WorkMail. Amazon WorkMail organization IDs begin with " m- ", followed by a string of alphanumeric characters.

          For information about Amazon WorkMail organizations, see the Amazon WorkMail Administrator Guide.

      • LambdaAction (dict) --

        Calls an Amazon Web Services Lambda function, and optionally, publishes a notification to Amazon SNS.

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the Lambda action is executed. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • FunctionArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon Web Services Lambda function. An example of an Amazon Web Services Lambda function ARN is arn:aws:lambda:us-west-2:account-id:function:MyFunction . For more information about Amazon Web Services Lambda, see the Amazon Web Services Lambda Developer Guide.

        • InvocationType (string) --

          The invocation type of the Amazon Web Services Lambda function. An invocation type of RequestResponse means that the execution of the function immediately results in a response, and a value of Event means that the function is invoked asynchronously. The default value is Event . For information about Amazon Web Services Lambda invocation types, see the Amazon Web Services Lambda Developer Guide.

          Warning

          There is a 30-second timeout on RequestResponse invocations. You should use Event invocation in most cases. Use RequestResponse only to make a mail flow decision, such as whether to stop the receipt rule or the receipt rule set.

      • StopAction (dict) --

        Terminates the evaluation of the receipt rule set and optionally publishes a notification to Amazon SNS.

        • Scope (string) -- [REQUIRED]

          The scope of the StopAction. The only acceptable value is RuleSet .

        • TopicArn (string) --

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify when the stop action is taken. You can find the ARN of a topic by using the ListTopics Amazon SNS operation.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

      • AddHeaderAction (dict) --

        Adds a header to the received email.

        • HeaderName (string) -- [REQUIRED]

          The name of the header to add to the incoming message. The name must contain at least one character, and can contain up to 50 characters. It consists of alphanumeric (a–z, A–Z, 0–9) characters and dashes.

        • HeaderValue (string) -- [REQUIRED]

          The content to include in the header. This value can contain up to 2048 characters. It can't contain newline ( \n ) or carriage return ( \r ) characters.

      • SNSAction (dict) --

        Publishes the email content within a notification to Amazon SNS.

        • TopicArn (string) -- [REQUIRED]

          The Amazon Resource Name (ARN) of the Amazon SNS topic to notify. You can find the ARN of a topic by using the ListTopics operation in Amazon SNS.

          For more information about Amazon SNS topics, see the Amazon SNS Developer Guide.

        • Encoding (string) --

          The encoding to use for the email within the Amazon SNS notification. UTF-8 is easier to use, but may not preserve all special characters when a message was encoded with a different encoding format. Base64 preserves all special characters. The default value is UTF-8.

  • ScanEnabled (boolean) --

    If true , then messages that this receipt rule applies to are scanned for spam and viruses. The default value is false .

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

    An empty element returned on a successful request.