1. Create an organization and an account
Go to AWS Organization in the AWS console to create an organization. It’s not region specific, so all the regions are disabled and shown as global. AWS organization is used to manage the accounts. We will create an account for deployment.If you have bought a gold edition of MailDiver, it means that you have access
to the source code. If you want to develop new features, it’s better to create
another account - dev account to safely experiment with the code.
OrganizationAccountAccessRole. Click Create button.
2. Create permission sets
Now we will create permission sets. Go to IAM identity center in the AWS console. a. Choose a region. In AWS, The services typically are region specific. It’s essential to choose the correct region before creating any resources. You should decide which region you want to use. Generally, you should select the region geographically close to you or your users. If your users are globally distributed, don’t worry. We use AWS CloudFront to cache the content (APIs, assets, frontend app, etc.) and serve it from the nearest edge location for both frontend and backend infrastructure. b. Click the Enable button. c. On the left side, click the Permission sets button under the Multi-account permissions section, then click Create permission set.
AdministratorAccess and ReadOnlyAccess. First, let’s create AdministratorAccess. Choose default Predefined permission set.
AdministratorAccess as default. Add a description if you want. For session duration, choose how often you want to re-login. Click the Next button, review, then click the Create button.
ReadOnlyAccess permission set. You should have two permission sets: AdministratorAccess and ReadOnlyAccess.
3. Create a group and a user
Lastly, we need to create a group and a user. Groups are convenient for managing multiple users. For example, Instead of assigning permissions one by one for the users, you can assign the permissions to the group, and all users in the group will have the same permission sets. a. On the left side, click Groups and then click the Create group button.
FullAccessGroup. Feel free to add any descriptive name you want. Skip creating a user in this step. Click the Create group button.
c. On the left side, click Users and then click the Add user button. You will use this user for deployment. You will be asked to create a password and log in with the username. I’ll use sudo since it’s my cat’s name. Choose Send an email to this user with password setup instructions. for the password.
Enter your email address and full name. You can either leave the rest of the fields as default or fill them in. Click the Next button.
FullAccessGroup and click the Next button. Review and click the Add user button.
e. You will get an email from AWS with the login instructions. You will use this user to deploy MailDiver. Again, please avoid using the root account for day-to-day tasks.
4. The final step, add the user to the account.
As a final step, we must add the user to the account. a. In IAM identity center page, click AWS accounts on the left side under the Multi-account permissions tab. Select the account and click the Assign users or groups button. b. Select the group (not the user) we created earlier,FullAccessGroup and click the Next button.
AdministratorAccess and ReadOnlyAccess. Click the Next button, review, and submit.
If you need help to access for SES production access, please follow the steps below:Request production access for SES