How to separate Amazon SES account for production and development?

Question

I'm looking for the best approach for organizing sending emails via Amazon SES in development and production environment.

Is it possible to separate two SES accounts (one for production, one for development) within one account ID? Development using production SES account is not an option because SES pushes events to queues (deliveries, bounces etc) which are processing all the time.

The solutions which I see at the moment are:

1. Create completely new Amazon account with only one service active (SES).
2. I read something about IAM policies but I'm not sure is it a good direction.
3. I read something about sandbox but if I good understand it only exists for new accounts (?)

Maybe someone heard/resolve that problem with more elegance solution?

Answer 1

You could setup your production SES in one AWS region (like us-east-1), and your test SES in a different region (like us-west-2). I'm not sure if this would be better or more elegant than using two separate AWS accounts. It depends on your exact needs.

When you setup SES in a region it will be in sandbox mode until you request AWS take it out of sandbox mode.

Answer 2

When you setup your deployment environments, it would be better if you create a separate AWS account for production and another one for testing and staging. You can setup consolidated billing and AWS organizations to simplify the management of multiple accounts. In addition, you can get a test domain for testing and staging deployments, where you can configure it with SES to send mails.

Answering your questions in order

1. Create separate accounts not only for SES, a separate one for production deployment.
2. Using IAM alone you won't be able to manage isolated triggers in SES.
3. In any account Sandbox is default for SES, You need to contact AWS support and increase the limits.