---
layout: default
---



## Amazon Simple Email Service (SES)

| Identifier                                         | Guardrail                                          | Rationale                                                                                                                                       | Remediation                                    | References                                                                                                                                                                                                                                             |   Policy | IAM Actions   |
|:---------------------------------------------------|:---------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------:|:--------------|
| <a id="IAM-SES-1" href="#IAM-SES-1" >IAM-SES-1</a> | Check that if SES calls Amazon S3 use aws:Referer. | Specifying the aws:Referer will help prevent the confused deputy problem and ensure that requests originate from the authorized AWS Account Id. | Add aws:Referer specifying the AWS Account Id. | [https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html#receiving-email-permissions-s3](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email-permissions.html#receiving-email-permissions-s3)<br><br> |      nan |               |