The repository follows the golang-standards/project-layout conventions:
cmd/ses-sidecar: application entrypoint (mainpackage)internal/app/sessidecar: private SMTP/SES application code.github/workflows: release automation
docker run -it \
-p 1025:1025 \
-e ADDR=0.0.0.0:1025 \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-e AWS_SESSION_TOKEN \
-e AWS_REGION \
ghcr.io/QuentinBtd/ses-sidecar:latest
This will start an SMTP server listening on port 1025 that uses the AWS SES
SendRawEmail API to deliver email. In practice, you wouldn't pass credentials
like this example, you would associate an IAM role with the container via your
orchestration system, e.g. an ECS task IAM role, EKS IRSA service account role or Pod Identity.
That role needs ses:SendRawEmail permission.
It exists because (as of the time of writing) the SES SMTP service doesn't work with temporary credentials, which are a security best-practice. File an issue if you have any problems / feature requests.