Welcome to the DjaoDjin Blog!

A place to share experiences in building Software-as-a-Service.

Email Notifications with Amazon SES

by Sebastien Mirolo on Tue, 5 Aug 2014

Today we are setting up email notification for the Django webapp through Amazon SES, not to be confused with Amazon SNS (Simple Notification Service) and Amazon SQS (Simple Queue Service) which are other useful notification services from Amazon.

There really does not seem much reason to set Amazon SES up more than once so we will do the setup through the AWS Console this time around.

Verify Sender Email Addresses

First is to verify the From email address for messages generated by the EC2 instances. We will also verify a To email address we are using while testing.

This is done by a classic, enter an email address in the console, receive an email with a validation URL and click on it, workflow.

Update SPF Record

We add amazonses.com in the list of valid origins for our domain name by setting the SPF record at the DNS provider. Ex:

"v=spf1 a mx include:amazonses.com -all"

Getting SMTP Credentials

Through the console, we obtain the Amazon SES SMTP credentials necessary and write them down in the Django settings. A side note here, the SMTP credentials are created for an IAM user. That's pretty cool how you can authorize and restrict what this "sender" user can do through regular IAM policies.

$ diff -u prev /etc/django/site.conf
EMAIL_HOST = "email-smtp.us-west-2.amazonaws.com"
EMAIL_PORT = 587
EMAIL_USE_TLS = False
DEFAULT_FROM_EMAIL = "VERIFIED_EMAIL_ADDRESS"
SERVER_EMAIL = "VERIFIED_EMAIL_ADDRESS"

$ diff -u prev /etc/django/credentials
EMAIL_HOST_USER = "SMTP_USERNAME"
EMAIL_HOST_PASSWORD = "SMTP_PASSWORD"

$ sudo service django restart

Testing

Here we try to register a new user into the web application. This will trigger an email.

If nothing shows up in the mailbox, either one or both of the From and To email addresses where not verified. If the email shows up as spam, the SPF record might be incorrect.

Request for Production Access

Last step is to request production access such that the application can send emails to addresses that where obviously not verified with Amazon SES previously.

Et Voila!