Most in lower environments in applications, you may have a requirement of sending emails only inside and not to send emails outside of the organisation.
This can be achieved by the aws ses email policy, if you are using aws ses emails to send out emails from your application. It is very easy of getting start with ses emails and allows to send emails at very low cost and reliable speed.
Following is the policy to add for your verified identity by going into authorization and create policy option with appropriate name
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "stmt1689323523248",
"Effect": "Deny",
"Principal": {
"AWS": "arn:aws:iam::590354103873:user/identityuser"
},
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "arn:aws:ses:us-east-2:590354103873:identity/identity@domain.net",
"Condition": {
"ForAllValues:StringNotLike": {
"ses:Recipients": "*@domain.com"
}
}
}
]
}