class Aws::SES::Types::S3Action
@see docs.aws.amazon.com/goto/WebAPI/email-2010-12-01/S3Action AWS API Documentation
@return [String]
</note>
setting up individual resource access permissions is not required.
Services KMS customer managed key and Amazon SNS topic). Therefore,
to access all the given resources (Amazon S3 bucket, Amazon Web
<note markdown=“1”> If an IAM role ARN is provided, the role (and only the role) is used
* ‘sns:Publish` for the given Amazon SNS topic.
customer managed key.
* `kms:GenerateDataKey` for the given Amazon Web Services KMS
given Amazon S3 bucket.
* `s3:PutObject`, `kms:Encrypt` and `kms:GenerateDataKey` for the
APIs:
Amazon SNS topic. This role should have access to the following
mail via the provided customer managed key, and publishing to the
while writing to the Amazon S3 bucket, optionally encrypting your
The ARN of the IAM role to be used by Amazon Simple Email Service
@!attribute [rw] iam_role_arn
@return [String]<br>: docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html<br>[4]: aws.amazon.com/sdk-for-ruby/<br>[3]: aws.amazon.com/sdk-for-java/<br>[2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html<br>[1]: docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html<br><br><br><br>Guide][5].
Web Services KMS managed keys, see the [Amazon S3 Developer
only. For more information about client-side encryption using Amazon
Services SDK for Java] and [Amazon Web Services SDK for Ruby][4]
encryption client is currently available with the [Amazon Web
access to use your Amazon Web Services KMS keys for decryption. This
email after retrieving it from Amazon S3, as the service has no
that you must use the Amazon S3 encryption client to decrypt the
not encrypted using Amazon S3 server-side encryption. This means
client before the mail is submitted to Amazon S3 for storage. It is
Your mail is encrypted by Amazon SES using the Amazon S3 encryption
Web Services KMS key, Amazon SES does not encrypt your emails.
Services KMS Developer Guide]. If you do not specify an Amazon
For more information about key policies, see the [Amazon Web
permissions, see the [Amazon SES Developer Guide].
Amazon SES permission to use it. For more information about giving
ensure that you add a statement to your key’s policy to give
Services KMS, provide the ARN of the customer managed key and
* To use a customer managed key that you created in Amazon Web
key.
perform any extra steps to give Amazon SES permission to use the
If you use the Amazon Web Services managed key, you don’t need to
key would be ‘arn:aws:kms:us-west-2:123456789012:alias/aws/ses`.
West (Oregon) Region, the ARN of the Amazon Web Services managed
and you want to use the Amazon Web Services managed key in the US
example, if your Amazon Web Services account ID is 123456789012
`arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses`. For
form of
* To use the Amazon Web Services managed key, provide an ARN in the
created in Amazon Web Services KMS as follows:
Amazon Web Services managed key or a customer managed key that you
emails before saving them to the Amazon S3 bucket. You can use the
The customer managed key that Amazon SES should use to encrypt your
@!attribute [rw] kms_key_arn
@return [String]
same directory in a bucket.
a directory name that enables you to store similar data under the
The key prefix of the Amazon S3 bucket. The key prefix is similar to
@!attribute [rw] object_key_prefix
@return [String]
The name of the Amazon S3 bucket for incoming email.
@!attribute [rw] bucket_name
@return [String]<br>: docs.aws.amazon.com/sns/latest/dg/CreateTopic.html<br>[1]: docs.aws.amazon.com/sns/latest/api/API_ListTopics.html<br><br><br><br>Developer Guide].
For more information about Amazon SNS topics, see the [Amazon SNS
the [ListTopics] operation in Amazon SNS.
to the Amazon S3 bucket. You can find the ARN of a topic by using
The ARN of the Amazon SNS topic to notify when the message is saved
@!attribute [rw] topic_arn<br><br>: docs.aws.amazon.com/ses/latest/dg/receiving-email-action-s3.html<br>[1]: docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html<br><br><br><br>see the [Amazon SES Developer Guide].
For information about specifying Amazon S3 actions in receipt rules,
</note>
size (including headers) is 40 MB. Emails larger than that bounces.
<note markdown=“1”> When you save your emails to an Amazon S3 bucket, the maximum email
see the [Amazon SES Developer Guide].
to access those resources. For information about granting permissions,
Amazon SNS topic of another account, Amazon SES must have permission
Amazon Web Services KMS key to encrypt your emails, or publish to an
To enable Amazon SES to write emails to your Amazon S3 bucket, use an
Service (Amazon SNS).
optionally, publishes a notification to Amazon Simple Notification
message to an Amazon Simple Storage Service (Amazon S3) bucket and,
When included in a receipt rule, this action saves the received