Setting up AWS SES for a Next.js app deployed on Vercel usually means hours of configuration, sandbox approval headaches, and hardcoding AWS credentials as environment variables. There's a better way.
In this guide, you'll learn how to deploy production-ready email infrastructure to your AWS account in minutes—and send emails from your Vercel-hosted Next.js app without storing a single credential.
The Problem with Traditional SES Setup
If you've tried to set up AWS SES yourself, you've probably hit these walls:
- Sandbox limbo: Writing essay-length justifications for production access, getting cryptic rejections with no feedback
- DNS configuration: Manually adding DKIM records, waiting 72 hours for propagation, troubleshooting verification failures
- Credential management: Creating IAM users, generating access keys, rotating them periodically, storing them in Vercel's environment variables—see our SES setup guide for the full picture
- Missing DX: No SDK, no dashboard, no event tracking—just raw API calls
Most developers abandon SES setup and pay 10x more for alternatives like Resend or SendGrid. But what if you could get the DX of Resend with the economics of AWS—and actually own the infrastructure?
What We're Building
By the end of this tutorial, you'll have:
- SES infrastructure deployed to your AWS account (domains, event tracking, email history)
- OIDC authentication so your Vercel functions can send email without stored credentials
- A type-safe SDK for sending emails from Next.js API routes or Server Actions
The setup takes about 2 minutes. Seriously.
Prerequisites
- An AWS account with CLI access configured (
aws configure) - A Vercel account with a Next.js project
- A domain you own (for sending emails)
- Node.js 20+

