Verify SES email address through CDK

Question

I wan to verify an email address from my CDK itself so that when my stack is deployed tto some other regions this verification is automatically triggered, rather than going to AWS console and doing it manually.

Answer 1

You can either do that using AwsCustomResource from @aws-cdk/custom-resources and it looks similar to the example that you can find here for validating a domain: Custom Resource Examples.

Verify email using TypeScript

I'm adjusting the example here for your use case:

const verifyDomainIdentity = new AwsCustomResource(this, 'VerifyDomainIdentity', {
  onCreate: {
    service: 'SES',
    action: 'verifyEmailIdentity',
    parameters: {
      EmailAddress: 'your@example.com'
    },
    physicalResourceId: PhysicalResourceId.of('verify-email-address')
  },
  policy: AwsCustomResourcePolicy.fromSdkCalls({resources: AwsCustomResourcePolicy.ANY_RESOURCE}) // This does not work somehow with SES or maybe I did something wrong :-(
});

Unfortunately this does not work out of the box because somehow the generated policy includes an email: prefix instead of ses: and you need to provide your own policy. But there's an alternative below.

Using an existing CDK Construct with TypeScript

The other alternative is to use a CDK Construct which is already doing that for you. I recently ran into the same problem like you and I've published a CDK Construct for that: ses-verify-identities. You can then do it like this:

new VerifySesEmailAddress(this, 'SesEmailVerification', {
  emailAddress: 'hello@example.org'
});

You can find the source code of the CDK construct here in case you are interested. The same is possible for verifying domains.