Reputation: 30987
How to get both DKIM and domain verification code using V2 of Amazon SES API
In order to complete SES domain verification I need 2 things:
- Verify the domain using Amazon SES domain verification TXT records
- Setup easy DKIM for the domain using CNAME DNS records
Everything can be done via API as usual (I'm using SES API through a CloudFormation custom resource).
I'm trying to verify the domain AND create DKIM using AWS.SESV2 (2019).
The problem is that AWS.SESV2.createEmailIdentity creates both domain verification code and DKIM.
But I'm unable to get back the domain verification code from the API response... I can find the 3 DKIM tokens in the API response but I cannot get the verification token although it has been created and it is visible in the AWS console.
I need to get the domain verification token from the API call because I'm doing IaaC. I don't want any manual copy/paste from the AWS console.
I can see the DKIM tokens in the doc bellow but where is the domain verification token that has been created?
Also I'm struggling understanding the difference between AWS.SES (2010) and AWS.SESV2 (2019). Can everything be done using this 2 APIs? Which one for what use-case?
It look like domain verification can be done using AWS.SES.verifyDomainIdentity but there is nothing similar in AWS.SESV2.
However DKIM can be done using both interface using AWS.SES.verifyDomainDkim and AWS.SESV2. createEmailIdentity.
I'm trying to compose with both API
- Using AWS.SES.verifyDomainIdentity
- And then AWS.SESV2.createEmailIdentity
But I'm facing an error when using AWS.SESV2.createEmailIdentity
{
"message": "Email identity foo.com already exist.",
"code": "AlreadyExistsException",
"time": "2020-08-31T08:26:15.600Z",
"requestId": "7f87a9ac-b516-4403-a5dd-a19383e9f9ec",
"statusCode": 400,
"retryable": false,
"retryDelay": 18.602196472
}
Upvotes: 9
Views: 863
Answers (1)
Reputation: 126
This is a very valid question, since the differences between the v1 and v2 SDKs are not stated clearly in the documentation.
I was faced with the exact same problem using Terraform for IaaC, and what led me to the solution was a AWS re:Post answer mentioned here
Which states:
Domain Verification: In SESv2, the process has been simplified. You no longer need to create a separate TXT record for domain verification. The DKIM records (3 CNAME records) you've already set up for your domains are sufficient for both verification and DKIM signing.
Therefore, the first part of your question is not valid for SESv2. To get the DKIM values, you can use the DkimAttributes field and loop through the Tokens array to create the relevant DNS records.
Upvotes: 0
Related Questions
- How to send AWS SES email to same domain that is verified
- Node AWS-SDK SES email send verification fail
- DKIM signatures to Rails application using Amazon SES
- Verify SES email address through CDK
- DKIM verification fails on AWS SES and Cloudflare
- AWS SES Identity "pending verification" for DKIM config
- Amazon ses giving email address unverified. when it is already verified
- AWS SES SendRawEmail with via amazonses.com warning
- Does the AWS SES SMTP server automatically sign emails with DKIM?
- Anyway to get dkims records for verifying ses domain in boto?