diff --git a/README.md b/README.md
index 96069ab..9b3f353 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,9 @@ which describes the environment mapped in this [architecture diagram][arch-diagr
 - [A domain registered with Route53][aws-route53]
 - Note: if you want to use different domain per environment (staging/production), you need to have multiple hosted zones. The available zones in Route53 can be found by running this command. `aws route53 list-hosted-zones`
+_Optional Prerequisites_
+- [Sendgrid account][sendgrid] with developer [API key][sendgrid-apikey]: this will enable transactional email sending with simple API calls.
+
 ## Getting Started
 This is meant to be used with the `zero` tool and not directly. See
@@ -73,3 +76,5 @@ Project board: [zenhub][zenhub-board]
 [aws-cli]: https://docs.aws.amazon.com/polly/latest/dg/setup-aws-cli.html
 [aws-route53]: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html
 [zenhub-board]: https://app.zenhub.com/workspaces/commit-zero-5da8decc7046a60001c6db44/board?filterLogic=any&repos=203630543,247773730,257676371,258369081
+[sendgrid]: https://signup.sendgrid.com
+[sendgrid-apikey]: https://app.sendgrid.com/settings/api_keys
\ No newline at end of file
diff --git a/templates/Makefile b/templates/Makefile
index 4eae8a5..f3f754a 100644
--- a/templates/Makefile
+++ b/templates/Makefile
@@ -47,6 +47,7 @@ teardown-secrets:
 export AWS_PAGER='' && export AWS_DEFAULT_REGION=<% index .Params `region` %> && \
 aws secretsmanager list-secrets --region <% index .Params `region` %> --query "SecretList[?Tags[?Key=='project' && Value=='$(PROJECT)']].[Name] | [0][0]" | xargs aws secretsmanager delete-secret --region <% index .Params `region` %> --secret-id && \
 aws secretsmanager list-secrets --region <% index .Params `region` %> --query "SecretList[?Tags[?Key=='rds' && Value=='$(PROJECT)-$(ENVIRONMENT)']].[Name] | [0][0]" | xargs aws secretsmanager delete-secret --region <% index .Params `region` %> --secret-id && \
+ aws secretsmanager list-secrets --region <% index .Params `region` %> --query "SecretList[?Tags[?Key=='sendgrid' && Value=='$(PROJECT)']].[Name] | [0][0]" | xargs aws secretsmanager delete-secret --region <% index .Params `region` %> --secret-id && \
 aws iam delete-access-key --user-name $(PROJECT)-ci-user --access-key-id $(shell aws iam list-access-keys --user-name $(PROJECT)-ci-user --query "AccessKeyMetadata[0].AccessKeyId" | sed 's/"//g') && \
 aws iam delete-user --user-name $(PROJECT)-ci-user
diff --git a/templates/terraform/bootstrap/secrets/main.tf b/templates/terraform/bootstrap/secrets/main.tf
index b2c3035..12e91fd 100644
--- a/templates/terraform/bootstrap/secrets/main.tf
+++ b/templates/terraform/bootstrap/secrets/main.tf
@@ -47,3 +47,11 @@ module "rds_master_secret_prod" {
 random_length = 32
 tags = map("rds", "${local.project}-prod")
 }
+
+module "sendgrid_api_key" {
+ source = "../../modules/secret"
+ name = "${local.project}-sendgrid-<% index .Params `randomSeed` %>"
+ type = "string"
+ value = "<% index .Params `sendgridApiKey` %>"
+ tags = map("sendgrid", local.project)
+}
diff --git a/templates/terraform/environments/prod/main.tf b/templates/terraform/environments/prod/main.tf
index 3241a60..27165b1 100644
--- a/templates/terraform/environments/prod/main.tf
+++ b/templates/terraform/environments/prod/main.tf
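Review bot: In `teardown-secrets`, the added `sendgrid` lookup sits in the `&&` chain ahead of the IAM cleanup, so if no secret carries the `sendgrid` tag the query yields `null`, `delete-secret --secret-id null` fails, and the CI user's access key and the user itself are left in place. This commit documents Sendgrid as optional, so that case looks reachable, depending on whether the secret is still created for a blank key. Consider moving the two `aws iam` commands into their own target, or skipping the delete when the lookup returns `null`. Deleting the AWS secret also does not revoke the key at Sendgrid, and without `--force-delete-without-recovery` the secret is only scheduled for deletion; a recipe comment such as `# NOTE: also revoke the API key in the Sendgrid console` would make that explicit. The recipe begins above this hunk.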
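Review bot: The `value` line of `module "sendgrid_api_key"` in bootstrap/secrets/main.tf renders the API key as a string literal into the generated file, so the credential sits in plaintext in the project source and in any repository that source is pushed to. Take it from a Terraform variable instead, `value = var.sendgrid_api_key`, supplied through `TF_VAR_sendgrid_api_key` at apply time, so only Secrets Manager and the Terraform state hold it. The block is also created when the key is blank, whereas `sendgrid_enabled` in the environment files is gated on the blank value; the same condition should gate this module.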
@@ -53,4 +53,7 @@ module "prod" {
 <% if ne (index .Params `loggingType`) "kibana" %># <% end %>logging_es_instance_count = "2" # Must be a mulitple of the az count
 <% if ne (index .Params `loggingType`) "kibana" %># <% end %>logging_volume_size_in_gb = "50" # Maximum value is limited by the instance type
 # See https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html
+
+ sendgrid_enabled = <%if eq (index .Params `sendgridApiKey`) "" %>false<% else %>true<% end %>
+ sendgrid_api_key_secret_name = "<% .Name %>-sendgrid-<% index .Params `randomSeed` %>"
 }
diff --git a/templates/terraform/environments/stage/main.tf b/templates/terraform/environments/stage/main.tf
index 5171df7..d5f8d9c 100644
--- a/templates/terraform/environments/stage/main.tf
+++ b/templates/terraform/environments/stage/main.tf
@@ -58,4 +58,7 @@ module "stage" {
 <% if ne (index .Params `loggingType`) "kibana" %># <% end %>logging_es_instance_count = "1" # Must be a mulitple of the az count
 <% if ne (index .Params `loggingType`) "kibana" %># <% end %>logging_volume_size_in_gb = "10" # Maximum value is limited by the instance type
 # See https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-limits.html
+
+ sendgrid_enabled = <%if eq (index .Params `sendgridApiKey`) "" %>false<% else %>true<% end %>
+ sendgrid_api_key_secret_name = "<% .Name %>-sendgrid-<% index .Params `randomSeed` %>"
 }
diff --git a/templates/terraform/modules/environment/main.tf b/templates/terraform/modules/environment/main.tf
index 74ded75..aa0d6a2 100644
--- a/templates/terraform/modules/environment/main.tf
+++ b/templates/terraform/modules/environment/main.tf
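Review bot: `sendgrid_api_key_secret_name` in `module "prod"` rebuilds the secret name from the template's `.Name`, while the secret itself is named from `local.project` in bootstrap/secrets/main.tf. The two agree only if `local.project` always equals the rendered project name, which is not visible in this diff; a mismatch would presumably surface as a failed secret lookup at apply time. Suggest a comment on the line, `# must match the sendgrid_api_key secret name in bootstrap/secrets`, or deriving both names from the same template value. The `module "stage"` hunk adds the same line and has the same coupling.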
@@ -118,3 +118,12 @@ module "logging" {
 ebs_volume_size_in_gb = var.logging_volume_size_in_gb
 create_service_role = var.logging_create_service_role
 }
+
+module "sendgrid" {
+ source = "commitdev/zero/aws//modules/sendgrid"
+ version = "0.0.2"
+ count = var.sendgrid_enabled ? 1 : 0
+
+ zone_name = var.domain_name
+ sendgrid_api_key_secret_name = var.sendgrid_api_key_secret_name
+}
diff --git a/templates/terraform/modules/environment/variables.tf b/templates/terraform/modules/environment/variables.tf
index 3892c90..0ee0a02 100644
--- a/templates/terraform/modules/environment/variables.tf
+++ b/templates/terraform/modules/environment/variables.tf
@@ -127,3 +127,13 @@ variable "enable_cluster_logging" {
 type = bool
 default = false
 }
+
+variable "sendgrid_enabled" {
+ description = "If enabled, creates route53 entries for domain authentication"
+ type = bool
+}
+
+variable "sendgrid_api_key_secret_name" {
+ description = "AWS secret manager's secret name storing the sendgrid api key"
+ type = string
+}
diff --git a/zero-module.yml b/zero-module.yml
index b54e1c5..41cc133 100644
--- a/zero-module.yml
+++ b/zero-module.yml
@@ -71,6 +71,9 @@ parameters:
 options:
 - "cloudwatch"
 - "kibana"
+ - field: sendgridApiKey
+ label: "API key to setup email integration (optional: leave blank to opt-out of Sendgrid setup)"
+ info: Signup at https://signup.sendgrid.com or create an API key from https://app.sendgrid.com/settings/api_keys. Sendgrid is an email delivery service enabling transactional email sending and more.
 - field: accountId
 label: AWS Account ID
 execute: aws sts get-caller-identity --query "Account" | tr -d '"'
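Review bot: In modules/environment/variables.tf, `sendgrid_enabled` and `sendgrid_api_key_secret_name` are declared without defaults, so every caller of the environment module must now set both, and the secret name is required even when Sendgrid is disabled. The neighbouring `enable_cluster_logging` carries `default = false`; the same pattern fits here, with `default = false` on `sendgrid_enabled` and `default = ""` on `sendgrid_api_key_secret_name`. That keeps the feature opt-in at the module boundary, not only in the two environment templates.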
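Review bot: In zero-module.yml, `sendgridApiKey` is collected like any other parameter although it is a credential. Whether zero masks the input or writes parameters to a project file is not visible in this hunk, but if it does persist them the key is stored in plaintext beside the generated code. The `info` text could also steer users to a key limited to what the setup needs, for example by appending `Prefer a restricted-access key scoped to the permissions this setup requires.`. The `parameters` list continues outside the hunk.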