Amazon SES and BYODKIM

I started testing Amazon SES and didn't want to use their ugly EasyDKIM domains so I went for the BYODKIM. Never having to generate my own DKIM key I did a bit of searching and it's really simple.

  1. Generate a 2048 (or 1024) bit RSA key: openssl genrsa -out dkim.priv 2048
  2. Split the public key out: openssl rsa -in dkim.priv -pubout -out dkim.pub
  3. You need to remove the header, footer, and new lines to paste into the SES console: cat dkim.priv | sed '1d;$d' | tr -d '\n'
  4. Create a TXT DNS record for the public key with this value: echo "v=DKIM1\; k=rsa\; p=$(cat dkim.pub | sed '1d;$d' | tr -d '\n')"

Now wait a bit and you should see your domain validated in the SES console.

octoDNS and Route53

Just a quick and simple post. If you want to use octoDNS with Amazon's Route53, you can use the following permisson policy to restrict the user to only what octoDNS needs to do its job.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:CreateHostedZone",
                "route53:ListHealthChecks",
                "route53:ListHostedZones",
                "route53:ListHostedZonesByName",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "*"
        }
    ]
}