What should the company do to modify the application to send email messages from Amazon SES?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company recently completed the migration from an on-premises data center to the AWS Cloud by using a replatforming strategy.One of the migrated servers is running a legacy Simple Mail Transfer Protocol (SMTP) service that a critical application relies upon.The application sends outbound email messages to the company’s customers.The legacy SMTP server does not support TLS encryption and uses TCP port 25.The application can use SMTP only.The company decides to use Amazon Simple Email Service (Amazon SES) and to decommission the legacy SMTP server.The company has created and validated the SES domain.The company has lifted the SES limits.

What should the company do to modify the application to send email messages from Amazon SES?

Configure the application to connect to Amazon SES by using TLS Wrapper. Create an IAM role that has ses:SendEmail and ses:SendRawEmail permissions. Attach the IAM role to an Amazon EC2 instance.

Configure the application to connect to Amazon SES by using STARTTLS. Obtain Amazon SES SMTP credentials. Use the credentials to authenticate with Amazon SES.

Configure the application to use the SES API to send email messages. Create an IAM role that has ses:SendEmail and ses:SendRawEmail permissions. Use the IAM role as a service role for Amazon SES.

Configure the application to use AWS SDKs to send email messages. Create an IAM user for Amazon SES. Generate API access keys. Use the access keys to authenticate with Amazon SES.

Explanations:

While using a TLS Wrapper could allow the application to send emails securely, the application is stated to use SMTP only, and Amazon SES requires either SMTP credentials with STARTTLS or the SES API for sending emails. Therefore, this option does not correctly align with SES’s requirements.

This option correctly specifies that the application can connect to Amazon SES using STARTTLS, which allows secure transmission. It also highlights the need for Amazon SES SMTP credentials for authentication, which is required when connecting via SMTP. This aligns with how SES is typically configured for legacy applications.

Although using the SES API to send messages is a valid approach, it does not adhere to the requirement that the application can only use SMTP. This option suggests a service role for SES, which is unnecessary for SMTP use, making it incorrect for the given scenario.

While using AWS SDKs is a valid method for sending emails, it does not meet the requirement that the application can only use SMTP. Additionally, generating API access keys and creating an IAM user is not relevant for an application limited to SMTP usage.

2025-10-17

1 Comment

  1. Nancy
    Author

    I assess that the answer is:
    Configure the application to connect to Amazon SES by using STARTTLS. Obtain Amazon SES SMTP credentials. Use the credentials to authenticate with Amazon SES.

Leave a Reply

Your email address will not be published. Required fields are marked *

15 + fourteen =