I’m thinking of a use case where a SaaS provider is using Amazon SES to send email as their customer’s domains. In order this properly, DKIM needs so be configured for that domain. One approach would be for the SaaS provider to log into the Amazon SES console, start the Easy DKIM configuration process, and provide the DNS records to the customer for the customer to add to their domain, and then the return to the SES console to verify the domain
Ideally, this process would be integrated into the SaaS so that it is transparent to the user. I’ve looked around the AWS APIs for an API to deploy Easy DKIM, and I can ‘t find anything, but I’ve never used any AWS APIs, so I could easily be overlooking something.
>Solution :
The AWS SES API does not expose a specific API method to automate a DomainKeys Identified Mail configuration process. However, you can use the SES Client to create similiar logic.
Here’s an overview of the steps you can take by using the SesClient:
Verify the Customer’s Domain: Use the VerifyDomainIdentity method to verify the customer’s domain within Amazon SES. This will allow you to start the DKIM configuration process for that domain.
Generate DKIM Keys: Use the GetIdentityDkimAttributes method to retrieve the DKIM keys that Amazon SES will generate for the verified domain. You can then provide these DKIM keys to your customer, so they can add the necessary DNS records.
Monitor DKIM Status: Use the GetIdentityDkimAttributes method to check the DKIM verification status for the customer’s domain. Once the DKIM verification is successful, you can update the customer’s account.
For more methods exposed by SES Client, refer to https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/ses/SesClient.html.