====== Creating an AWS SES (Simple Email Service) Account ======

Author: Eoin Hearne\\

===== Introduction =====


AWS supply an email server to handle email sending. For our internal and trial environments, we use our Google mail account by default. In some cases, this is not suffient, as it limits how many emails can be sent daily. Also, if the application is hosted on an AWS instance, emails from it will be blocked from all major email servers, due to previous phishing scams. Therefore, we would need to set up an SES account for this instance.



===== Create Domain Identity =====

Log into the AWS console.

Navigate to the Simple Email Service dashboard. 

From here, go to Verified Identities > Create Identity. 

In this section, we can identify a domain i.e. errigal.com, which will allow us to send emails from the errigal.com domain. We can also verifiy email addresses. If the AWS account is in sandbox mode, the SES account has a 200 email daily limit and will only send to verified email addresses, so each recipient will need to be verified, along with a domain.

Add a domain with the default settings. AWS will give instructions on how to verify a domain. For this case, we can add the 3 CNAME records to our DNS handler, which in most cases is CloudFlare.

To obtain the DNS records to enter, click on the newly created domain under the verified indentities. Under the authenication tab, click 'View DNS Records', and the 3 will be listed here. 
{{ :support:aws_dns_records.png?nolink |}}

Log into the CloudFlare website, click on the errigal.com domain and under DNS, click 'Add Record'. 
{{ :support:add_cloudflare_record.png?nolink |}}

Add each of the 3 records under CNAME type and save. Once this is completed correctly, the domain will become verified. 
{{ :support:verified_domain.png?nolink |}}


===== Create SMTP Credentials =====


In AWS, navigate to the SES Account Dashboard and click on 'Create SMTP credentials'. Enter an IAM username, i.e. errigal_admin and finish setting up the credentials. AWS will provide the login credentials which you can download or copy. Update the [[https://bitbucket.org/errigal/env-configuration/src/master/|env-configuration]] with the new credentials.


===== Update Applications =====


To test if the new email server is working, add the credentials to the userprofile, application.properties. This will require an application restart, so ensure you're working on an environment that will allow this. Below is a working example, replacing all the necesary parameters with the newly created credentials. The from address can be anything in the verified domain, i.e. noreply@errigal.com.

<code>spring.mail.host=<AWS_HOST> e.g. email-smtp.us-east-2.amazonaws.com
spring.mail.port=465
spring.mail.username=<AWS_SMTP_USERNAME>
spring.mail.password=<AWS_SMTP_PASSWORD>
spring.mail.from=<FROM_ADDRESS> e.g. noreply@errigal.com
spring.mail.properties.mail.smtp.auth=true
spring.mail.properties.mail.smtp.starttls.enable=true
spring.mail.properties.mail.smtp.connectiontimeout=5000
spring.mail.properties.mail.smtp.timeout=5000
spring.mail.properties.mail.smtp.writetimeout=5000</code>

Ticketer credentials can be updated in the ticketer through the admin > email accounts section.

The reporting manager is updated in the grails config file. Below is another example:

<code>mail {
        host = "<AWS_HOST>"
        port = 465
        'default' {
          from = "<FROM_ADDRESS>"
        }
        username = "<AWS_SMTP_USERNAME>"
        password = "<AWS_SMTP_PASSWORD>"
        props = ["mail.smtp.auth": "true",
                "mail.smtp.socketFactory.port": "465",
                "mail.smtp.socketFactory.class": "javax.net.ssl.SSLSocketFactory",
                "mail.smtp.socketFactory.fallback": "false"]
          }
    }</code>