One-Click AWS Connect
Connect your AWS account securely in under 60 seconds using IAM roles.
One-click connect is the fastest and most secure way to connect your AWS SES account to Transmit. It uses a cross-account IAM role with an External ID, ensuring we only ever use temporary security tokens.
Benefits
| Feature | Description |
|---|---|
| No Secrets Stored | We never store permanent AWS access keys |
| 60-Second Setup | Automated CloudFormation deployment |
| Instant Revocation | Delete the stack to revoke access immediately |
Setup Guide
Step 1: Navigate to AWS Settings
Open your Transmit dashboard and go to Settings → AWS SES. Ensure the One-Click tab is selected.
Step 2: Choose Your Region
Select the AWS region where your SES identities are (or where you want to create them). Common regions include us-east-1, eu-west-1, and us-west-2.
Step 3: Launch CloudFormation
Click Launch CloudFormation. This redirects you to AWS Console with the template pre-filled, including your unique External ID.
Step 4: Create Stack
Review the stack details. Check the box that says "I acknowledge that AWS CloudFormation might create IAM resources" and click Create stack.
Step 5: Retrieve Role ARN
Wait for the stack status to reach CREATE_COMPLETE (~30 seconds). Go to the Outputs tab and copy the RoleArn value.
Step 6: Finalize Connection
Return to Transmit, paste the Role ARN, and click Connect AWS.
Security Details
| Mechanism | How It Protects You |
|---|---|
| STS AssumeRole | Temporary credentials that expire after 1 hour |
| External ID | Prevents "confused deputy" attacks |
| Least Privilege | Policy scoped to SES, SNS, and S3 only |
| Auditability | All actions logged in CloudTrail |
Comparison: IAM Role vs Access Keys
| Feature | IAM Role (Recommended) | Access Keys |
|---|---|---|
| Credential Storage | None (temporary tokens) | Encrypted secrets stored |
| Rotation | Automatic every hour | Manual required |
| Setup Time | ~60 seconds | ~5 minutes |
| Revocation | Instant (delete stack) | Must delete/rotate keys |