When using Amazon SES, a situation may occur where your Account status in the Amazon SES Reputation Dashboard changes from HEALTHY, causing Amazon to stop the ability to send emails. To prevent this, it is better to start monitoring your Reputation right after going into production.
An adequate bundle of services for this includes AWS Lambda, Amazon SNS, and Amazon DynamoDB.
Amazon SNS will get events to form Amazon SES and trigger Lambda.
The Lambda function will store data to DynamoDB and do other things that you want — for example, remove an email address from a subscription list via an API, or send a message to Slack/Telegram/Messenger.
Firstly, in the Notifications settings of your domain, add Amazon SNS Topics for the Bounces, Complaints and Deliveries events.
SES → Domains → Notifications → Edit Configuration
You can use 1 topic for all events, separating is optional. For example, if you want to send Complaint events to Lambda and the email of the administrator, it is better to separate.
In the next step, we should create a Lambda function.
Let’s name it ses-notification-nodejs.
Use Node.js 12.x Runtime with default settings — it is enough for this task.
Then we should create a DynamoDB table. Let’s name it mailing. The primary key will be UserId.
Default settings will be enough for a start. You can fine-tune it later.
Now you need to go to IAM and add a permission to the Lambda role.
The best option for this is to add the permission to exactly one table.
You can read more about this here.
Amazon DynamoDB: Allows access to a specific table
How to Create an AWS IAM Policy to Grant AWS Lambda Access to an Amazon DynamoDB Table
After you update your role permission your code will look like this:
Code example for Lambda:
You can also find examples with the telegram notification in my repository for this feature.
That’s it, now you can monitor all Bounce and Compliant events from your SES service and keep your Amazon SES in a healthy state.