I have the impression this should be simple: I wan...
# help
I have the impression this should be simple: I want to create a Bucket that my SES rule will use to store emails. However, I need to apply a Bucket policy to allow SES to use it. If I create this bucket through the SES dashboard, it attached these policies:
Copy code
  "Version": "2012-10-17",
  "Statement": [
      "Sid": "AllowSESPuts-1629654011154",
      "Effect": "Allow",
      "Principal": {
        "Service": "<http://ses.amazonaws.com|ses.amazonaws.com>"
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::mailtosheet-emails/*",
      "Condition": {
        "StringEquals": {
          "aws:Referer": "326317869239"
How could I do the same if I create the bucket using SST? I went as far as this:
Copy code
this.mailBucket = new sst.Bucket(this, "mts-emails");

const SESPolicy = new iam.PolicyStatement({
      actions: ["s3:PutObject"],
      effect: iam.Effect.ALLOW,
      resources: [this.mailBucket.bucketArn],
      principals: [new iam.ServicePrincipal("<http://ses.amazonaws.com|ses.amazonaws.com>")],
      conditions: {
        StringEquals: {
          "aws:Referer": "326317869239",
But then, I got lost on how to apply this policy to the bucket… reading into
did not make it very clear where to insert `SESPolicy`…. Anyone knows? 🙏
@Daniel da Rocha give this a try
Copy code