diff --git a/aws/iam/ses_send/main.tf b/aws/iam/ses_send/main.tf
index 3b2df70..a455272 100644
--- a/aws/iam/ses_send/main.tf
+++ b/aws/iam/ses_send/main.tf
@@ -1,31 +1,24 @@
-resource "aws_iam_group" "mod" {
- name = "ses_senders"
+data "aws_iam_policy_document" "mod" {
+ version = "2012-10-17"
+ statement {
+ effect = "Allow"
+ actions = [
+ "ses:SendRawEmail",
+ "ses:SendEmail",
+ ]
+ resources = ["*"]
+ }
 }
-resource "aws_iam_group_policy" "mod" {
+resource "aws_iam_policy" "mod" {
 name = "AmazonSesSendingAccess"
- group = aws_iam_group.mod.id
- policy = jsonencode(
- {
- Statement = [
- {
- Action = [
- "ses:SendRawEmail",
- "ses:SendEmail",
- ]
- Effect = "Allow"
- Resource = "*"
- },
- ]
- Version = "2012-10-17"
- }
- )
+ policy = data.aws_iam_policy_document.mod.json
 }
-resource "aws_iam_group_membership" "mod" {
- name = "app-server-group-membership"
- users = var.users
- group = aws_iam_group.mod.name
+resource "aws_iam_policy_attachment" "mod" {
+ name = "ses-sending-policy-attachment"
+ users = var.users
+ roles = var.roles
+ policy_arn = aws_iam_policy.mod.arn
 }
-
diff --git a/aws/iam/ses_send/outputs.tf b/aws/iam/ses_send/outputs.tf
deleted file mode 100644
index 3b4926a..0000000
--- a/aws/iam/ses_send/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "group_id" {
- value = aws_iam_group.mod.id
-}
-
diff --git a/aws/iam/ses_send/variables.tf b/aws/iam/ses_send/variables.tf
index 2852109..822a631 100644
--- a/aws/iam/ses_send/variables.tf
+++ b/aws/iam/ses_send/variables.tf
@@ -1,4 +1,9 @@
 variable "users" {
 type = list(string)
+ default = []
 }
+variable "roles" {
+ type = list(string)
+ default = []
+}
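Review bot: `aws_iam_policy_attachment` in main.tf is an exclusive attachment: it takes ownership of every attachment of `aws_iam_policy.mod`, so any user, role or group that has this policy attached outside this one resource is detached on the next apply. Now that the module accepts both `users` and `roles`, per-principal `aws_iam_user_policy_attachment` and `aws_iam_role_policy_attachment` resources driven by `for_each` grant the same access without that side effect, as sketched below. Separately, the new policy document keeps `resources = ["*"]`, which lets every attached principal send as any verified identity in the account; scoping it to the SES identity ARNs, or adding a condition on `ses:FromAddress`, would bring it closer to least privilege.

```hcl
# … unchanged: data "aws_iam_policy_document" "mod" and resource "aws_iam_policy" "mod" …

resource "aws_iam_user_policy_attachment" "mod" {
  for_each   = toset(var.users)
  user       = each.value
  policy_arn = aws_iam_policy.mod.arn
}

resource "aws_iam_role_policy_attachment" "mod" {
  for_each   = toset(var.roles)
  role       = each.value
  policy_arn = aws_iam_policy.mod.arn
}
```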
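Review bot: Neither `users` nor `roles` in variables.tf carries a `description`, and both now default to `[]`, so a caller gets no hint that the attachment expects IAM user and role names rather than ARNs, and a module call that passes neither list is accepted without complaint. I would add `description = "IAM role names (not ARNs) that may send mail through SES"` to `roles` and the matching line to `users`. If attaching to no principal is never intended, a `validation` block on one of the variables (or a precondition on the attachment) would make that mistake visible at plan time.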