5 posts tagged with "KMS"

In today's fast-paced tech world, automating infrastructure setup is key to maximizing efficiency and reducing human error. One of the most reliable tools for this is AWS CloudFormation, which allows users to define their cloud resources and manage them as code. While AWS provides a Console for managing CloudFormation, the AWS Command Line Interface (CLI) is a powerful alternative that offers speed, control, and flexibility. In this blog, we'll walk you through setting up CloudFormation using AWS CLI, covering essential components like VPCs, KMS keys, and IAM roles.

1. Introduction to AWS CloudFormation​

Before diving into technical details, it's important to understand what AWS CloudFormation is and why it's so beneficial.

What is AWS CloudFormation?​

AWS CloudFormation is an Infrastructure-as-Code (IaC) service provided by AWS that allows you to model, provision, and manage AWS and third-party resources. You define your resources using template files (JSON or YAML) and deploy them via AWS CloudFormation, which takes care of the provisioning and configuration.

CloudFormation manages the entire lifecycle of your resources, from creation to deletion, allowing for automation and consistent environments.

Benefits of Using CloudFormation​

1. Automation: CloudFormation automates the entire infrastructure setup, from VPC creation to IAM role configuration, reducing manual work and errors.

2. Version Control: Treat your infrastructure like code. With CloudFormation, you can manage your infrastructure in repositories like Git, making it easy to version, track, and rollback changes.

3. Consistency: CloudFormation ensures that the same template can be used to create identical environments, such as development, staging, and production.

4. Cost Efficiency: With CloudFormation, resources can be automatically deleted when no longer needed, preventing unnecessary costs from unused resources.

2. Why Use AWS CLI Over the Console?​

AWS CLI vs Console: Which One is Better for You?​

The AWS Management Console offers an intuitive, visual interface for managing AWS resources, but it's not always the most efficient way to manage infrastructure, especially when it grows complex. Here's how AWS CLI compares:

Advantages of Using AWS CLI​

1. Automation: CLI commands can be scripted for automation, allowing you to run tasks without manually navigating through the Console.
2. Faster Setup: CLI allows you to automate stack creation, updates, and deletion, significantly speeding up the setup process.
3. Better Error Handling: You can incrementally update stacks and fix errors on the go with AWS CLI, making it easier to debug and manage resources.

3. Prerequisites​

Before we start building with CloudFormation, let’s go over the prerequisites.

Setting Up AWS CLI​

AWS CLI is a powerful tool that allows you to manage AWS services from the command line. To get started:

1. Install AWS CLI:

   • If you haven't already installed AWS CLI, you can do so by following the instructions from the official AWS documentation.

2. Verify Installation: After installation, verify that the AWS CLI is installed by typing the following command in your terminal:

   aws --version
   

   If successfully installed, the version information will be displayed.

Configuring AWS Profiles​

Before using AWS CLI to interact with your AWS account, you'll need to configure a profile:

aws configure

You'll be prompted to provide:

• AWS Access Key ID
• AWS Secret Access Key
• Default region name (e.g., us-west-2)
• Default output format (choose JSON)

This configuration will allow the CLI to authenticate and interact with your AWS account.

4. Step-by-Step Guide to AWS CloudFormation with AWS CLI​

Now that your CLI is set up, let us get into how to deploy AWS CloudFormation stacks using it.

Setting Up Your First CloudFormation Stack​

We will start with a simple example of how to create a CloudFormation stack. Suppose you want to create a Virtual Private Cloud (VPC).

1. Create a YAML Template: Save the following template in a file named vpc.yaml:

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: MyVPC

2. Deploy the Stack: To create the VPC, run the following command:

aws cloudformation create-stack --stack-name my-vpc-stack --template-body file://vpc.yaml --capabilities CAPABILITY_NAMED_IAM

This command will instruct CloudFormation to spin up a VPC using the specified template.

3. Check the Stack Status: To verify the status of your stack creation, use:

aws cloudformation describe-stacks --stack-name my-vpc-stack

Deploying a Virtual Private Cloud (VPC)​

A VPC is essential for defining your network infrastructure in AWS. Here’s how you can add more resources to your VPC, such as an Internet Gateway:

Resources:
  MyVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: MyVPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  VPCGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MyVPC
      InternetGatewayId: !Ref InternetGateway

Deploy this using the same create-stack command.

Setting Up Security with KMS (Key Management Service)​

Next, we will add encryption keys for securing data:

1. KMS Template:

Resources:
  MyKMSKey:
    Type: AWS::KMS::Key
    Properties:
      Description: Key for encrypting data
      Enabled: true

2. Deploy KMS:

aws cloudformation create-stack --stack-name my-kms-stack --template-body file://kms.yaml --capabilities CAPABILITY_NAMED_IAM

Managing Access with IAM Roles​

IAM Roles allow secure communication between AWS services. Here’s an example of how to create an IAM role:

Resources:
  MyIAMRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      Path: /

Use the same create-stack command to deploy this.

5. Best Practices for AWS CloudFormation​

Use Nested Stacks​

Avoid large, monolithic stacks. Break them down into smaller, nested stacks for better manageability.

Resources:
  ParentStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: https://s3.amazonaws.com/path/to/nested-stack.yaml

Parameterization​

Use parameters to make your stacks reusable across different environments.

Parameters:
  InstanceType:
    Type: String
    Default: t2.micro
    Description: EC2 Instance Type

Exporting and Referencing Outputs​

Export important resource values for use in other stacks:

Outputs:
  VPCId:
    Value: !Ref MyVPC
    Export:
      Name: VPCId

Incremental Stack Updates​

Always update your stacks incrementally to avoid failures.

aws cloudformation update-stack --stack-name my-stack --template-body file://updated-template.yaml

6. Advanced CloudFormation Features​

Handling Dependencies and Stack Failures​

Use the DependsOn attribute to specify dependencies between resources to avoid issues with resource creation order.

Custom Resource Creation​

For advanced use cases, you can create custom resources by using Lambda functions or CLI.

7. Conclusion and Next Steps​

By using AWS CloudFormation with AWS CLI, you can automate your infrastructure, reduce errors, and scale your environment effortlessly. Continue learning by experimenting with more complex templates, incorporating advanced features like stack sets, and automating further with scripts.

Code shown in the video can be accessed from https://github.com/arinatechnologies/cloudformation

Centralized Management of AWS Services Using AWS Organizations​

AWS Organizations provides a unified way to manage and govern your AWS environment as it grows. This blog post details how you can use AWS Organizations to centrally manage your services, thereby simplifying administration, improving security, and reducing operational costs.

Why Use AWS Organizations?​

AWS Organizations enables centralized management of billing, control access, compliance, security, and resource sharing across AWS accounts. Instead of managing services individually in each account, AWS Organizations lets you administer them from a single location.

Advantages of Centralized Management:​

a. Efficiency: Manage multiple AWS accounts from a single control point. b. Cost Savings: Reduce operational costs through centralized management. c. Enhanced Security: Apply consistent policies and compliance standards across all accounts. d. Simplified Operations: Streamline monitoring, backup, and administrative tasks.

Step-by-Step Guide to Centralized Backup Management​

Managing backups across multiple AWS accounts can be complex. AWS Backup allows you to centralize and automate data protection across AWS services. Here’s how you can set up centralized backup management using AWS Organizations:

1. Setting Up AWS Organizations:​

a. Create an AWS Organization: i) Navigate to the AWS Organizations console. ii) Click on "Create organization" and follow the prompts.

b. Add Accounts to Your Organization: i) Add existing accounts or create new ones. ii) Ensure all accounts you want to manage are part of the organization.

2. Enabling Centralized Backup:​

a. Navigate to AWS Backup: i) Open the AWS Backup console from the management account. ii) This is where you'll configure backup plans and policies.

b. Create a Backup Plan:

i) Click on "Create backup plan." ii) Define your backup rules (e.g., frequency, retention period).

• Specify the resources to back up (e.g., EC2 instances, RDS databases).

c. Assign the Backup Plan: i) Use tags to assign resources to the backup plan. ii) For instance, tag all EC2 instances you want to back up with Backup:Production.

3. Delegating Administration:​

a. Create a Delegated Administrator Account: i) Designate one account as the delegated administrator. ii) This account will handle backup management for all other accounts.

b. Set Up Cross-Account Roles: i) Create IAM roles in each member account. ii) Assign these roles the necessary permissions for backup operations. iii) Ensure the roles allow cross-account access to the delegated administrator account.

4. Configuring Backup Policies:​

a. Enable Backup Policies: i) From the AWS Backup console, enable backup policies. ii) Define and apply these policies to all accounts within the organization.

b. Monitor Backups: i) Use AWS Backup's centralized dashboard to monitor the status of your backups. ii) Set up notifications for backup failures or successes.

5. Using Additional AWS Services:​

AWS Organizations supports various other services that can be centrally managed. Some examples include:

• a. AWS GuardDuty: Centralized threat detection.
• b. AWS Config: Compliance auditing and monitoring.
• c. AWS CloudTrail: Logging and monitoring account activity.
• d. AWS Identity and Access Management (IAM): Centralized access control and user management.

Ready to take your cloud infrastructure to the next level? Please reach out to us Contact Us

Conclusion​

Leveraging AWS Organizations can streamline the management of your AWS environment, ensuring consistent backup policies, enhancing security, and reducing operational overhead. Centralized management not only simplifies your administrative tasks but also provides a unified view of your organization's compliance and security posture.

When it comes to choosing the right container service for your application, AWS offers a myriad of options, each tailored to specific needs and use cases. This guide aims to provide a comprehensive overview of when and how to use various AWS container services, based on our extensive research and industry experience.

Please refer The Ultimate AWS ECS and EKS Tutorial

Understanding Containers and Their Use Cases​

Containers have revolutionized the way applications are developed and deployed. They offer portability, consistency, and efficiency, making them ideal for various scenarios, from microservices architectures to machine learning orchestration.

Service Orchestration​

Service orchestration involves managing and coordinating multiple services or microservices to work together seamlessly. Containers play a crucial role in this by ensuring that each service runs in its isolated environment, thereby reducing conflicts and improving scalability.

Popular Options for Service Orchestration​

1. Kubernetes Service

   • Pros: Fully managed, scalable, extensive community support.
   • Cons: Complex setup, significant operational overhead.

2. Red Hat OpenShift on AWS (ROSA)

   • Overview: A third-party service similar to Kubernetes, managed by OpenShift.
   • Pros: Robust management platform, popular among enterprise clients.
   • Cons: Similar complexity to Kubernetes.

3. AWS Elastic Container Service (ECS)

   • Overview: AWS's native container orchestration service.
   • Pros: Seamless integration with AWS services, flexible deployment options (EC2, Fargate).
   • Cons: Limited to AWS ecosystem.

Machine Learning Orchestration​

Deploying machine learning models in containers allows for a consistent and portable environment across different stages of the ML pipeline, from training to inference.

1. AWS Batch
   • Overview: A native service designed for batch computing jobs, including ML training and inference.
   • Pros: Simplifies job scheduling and execution, integrates well with other AWS ML services.
   • Cons: Best suited for batch jobs, may not be ideal for real-time inference.

Web Applications.Please check out our web services Refer website solutions
​

Containers can also streamline the deployment and management of web applications, providing a consistent environment across development, testing, and production.

1. AWS Elastic Beanstalk

   • Overview: A legacy service that simplifies application deployment and management.
   • Pros: Easy to use, good for traditional web applications.
   • Cons: Considered outdated, fewer modern features compared to newer services.

2. AWS App Runner

   • Overview: A newer service that simplifies running containerized web applications and APIs.
   • Pros: Supports container deployments, integrates with AWS ECR.
   • Cons: Limited to ECR for container images, still relatively new.

Serverless Options​

For applications that don't require a full-fledged orchestration setup, serverless options like AWS Lambda can be a good fit.

1. AWS Lambda

   • Pros: Scalable, supports multiple languages, cost-effective for short-running functions.
   • Cons: Limited to 15-minute execution time, may require step functions for longer processes.

2. Amazon EC2 vs. Amazon LightSail

   • Amazon EC2: Provides full control over virtual machines, suitable for custom setups.
   • Amazon LightSail: Simplifies VM deployment with pre-packaged software, ideal for quick deployments like WordPress.

Decision Tree for Choosing AWS Container Services​

To help you choose the right service, consider the following decision tree based on your specific needs:

1. Service Orchestration Needed?

   • Yes: Consider Kubernetes, ROSA, or ECS.
   • No: Move to the next question.

2. Serverless Invocation?

   • Yes: If processing time < 15 minutes, use AWS Lambda. If > 15 minutes, consider App Runner.
   • No: Proceed to provisioned infrastructure options.

3. Provisioned Infrastructure?

   • Yes: Choose between Amazon EC2 for full control or Amazon LightSail for simplified setup.

4. Machine Learning Orchestration?

   • Yes: Use AWS Batch for batch jobs.
   • No: Skip to web application options.

5. Web Application Deployment?

   • Yes: Use Elastic Beanstalk for legacy applications or App Runner for modern containerized applications.

Conclusion​

AWS offers a robust set of services for container orchestration, machine learning, web applications, and serverless computing. Understanding the strengths and limitations of each service can help you make informed decisions and optimize your application architecture. Ready to take your cloud infrastructure to the next level? Please reach out to us Contact Us

In today's cloud-centric environment, data security is more crucial than ever. One of the common challenges faced by organizations is ensuring that sensitive data stored in AWS S3 buckets is accessible only under strict conditions. This blog post delves into a hands-on session where we set up an AWS Key Management Service (KMS) policy to restrict access to a single S3 bucket using a customer's own encryption key.

Introduction to AWS S3 and KMS​

Amazon Web Services (AWS) offers robust solutions for storage and security. S3 (Simple Storage Service) provides scalable object storage, and KMS offers managed creation and control of encryption keys.

Scenario Overview​

The need: A customer wants to use their own encryption key and restrict its usage to a single S3 bucket. This ensures that no other buckets can access the key.

Setting Up the KMS Key​

Step 1: Creating the Key​

• Navigate to the Key Management Service: Start by opening the AWS Management Console and selecting KMS.
• Create a new key: Choose the appropriate options for your key. For simplicity, skip tagging and advanced options during this tutorial.

Step 2: Configuring Key Policies​

• Permission settings: Initially, you might be tempted to apply broad permissions. However, to enhance security, restrict the key’s usage to a specific IAM user and apply a policy that denies all other requests.

Crafting a Bucket Policy​

Step 1: Creating the Bucket​

• Unique bucket name: Remember, S3 bucket names need to be globally unique. Create the bucket intended for the exclusive use of the KMS key.
• Disable bucket versioning: If not required, keep this setting disabled to manage storage costs.

Step 2: Policy Configuration​

• Deny other buckets: The crucial part of this setup involves crafting a bucket policy that uses a "Deny" statement. This statement should specify that if the bucket name doesn’t match your specific bucket, access should be denied.
• Set conditions: Use conditions to enforce that the KMS key can only encrypt/decrypt objects when the correct S3 bucket is specified.

{
    "Version": "2012-10-17",
    "Id": "key-consolepolicy-3",
    "Statement": [
        {
            "Sid": "Enable IAM User Permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<account-number>:root"
            },
            "Action": "kms:*",
            "Resource": "*"
        },
        {
            "Sid": "Deny access to key if the request is not for a yt-test-bucket",
            "Effect": "Deny",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "kms:EncryptionContext:aws:s3:arn": "arn:aws:s3:::yt-s3-bucket"
                }
            }
        }
    ]
}

Testing the Configuration​

• Validate with another bucket: Create an additional S3 bucket and try to use the KMS key. The attempt should fail, confirming that your policy works.
• Verify with the correct bucket: Finally, test the key with the correct bucket to ensure that operations like uploading and downloading are seamless.

Conclusion​

This setup not only strengthens your security posture but also adheres to best practices of least privilege by limiting how and where the encryption key can be used. Implementing such precise controls is critical for managing sensitive data in the cloud.

🔚 Call to Action​

Choosing the right platform depends on your organizations needs. For more insights, subscribe to our newsletter for insights on cloud computing, tips, and the latest trends in technology. or follow our video series on cloud comparisons.

Interested in having your organization setup on cloud? If yes, please contact us and we'll be more than glad to help you embark on cloud journey.

💬 Comment below:
How is your experience with Mac on EC2? What do you want us to review next?

In our interconnected digital world, managing email efficiently and securely is a critical aspect of business operations. This post delves into a sophisticated setup using Amazon Web Services (AWS) that ensures your organization's email communication remains robust and responsive. Specifically, we will explore using AWS Simple Email Service (SES) in conjunction with Simple Notification Service (SNS) and AWS Lambda to handle email bounces and complaints effectively.

Understanding the Components​

Before diving into the setup, let's understand the components involved:

• AWS SES: An email service that enables you to send and receive emails securely.
• AWS SNS: A flexible, fully managed pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
• AWS Lambda: A serverless compute service that runs your code in response to events and automatically manages the underlying compute resources.

Read about SES Part - 1

The Need for Handling Bounces and Complaints​

Managing bounces and complaints efficiently is crucial for maintaining your organization’s email sender reputation. High rates of bounces or complaints can affect your ability to deliver emails and could lead to being blacklisted by email providers.

Step-by-Step Setup​

Step 1: Configuring SES​

First, configure your AWS SES to handle outgoing emails. This involves:

• Setting up verified email identities (email addresses or domains from which you'll send emails).
• Creating configuration sets in SES to specify how emails should be handled and tracked.

Step 2: Integrating SNS for Notifications​

The next step is to set up AWS SNS to receive notifications from SES. This is crucial for real-time alerts on email bounces or complaints:

• Create an SNS topic that SES will publish to when specified events (like bounces or complaints) occur.
• Configure your SES configuration set to send notifications to the created SNS topic.

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:us-east-1:<account number>:SES-tracking",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<account number>"
        },
        "StringLike": {
          "AWS:SourceArn": "arn:aws:ses:*"
        }
      }
    }
  ]
}

Step 3: Using AWS Lambda for Automated Responses​

With SNS in place, integrate AWS Lambda to automate responses based on the notifications:

• Create a Lambda function that will be triggered by notifications from the SNS topic.
• Program the Lambda function to execute actions like logging the incident, updating databases, or even triggering remedial workflows.

import boto3, os, json
from botocore.exceptions import ClientError

# Set the global variables
fromEmail= str(os.getenv('from_email','from email address'))
ccEmail = str(os.getenv('cc_email','cc email address'))
toEmail = str(os.getenv('cc_email','to email address'))

awsRegion = str(os.getenv('aws_region','us-east-1'))
# The character encoding for the email.
CHARSET = "UTF-8"

# Create a new SES resource and specify a region.
sesClient = boto3.client('ses',region_name=awsRegion)

def sendSESAlertEmail(eventData):
    message = eventData['Records'][0]['Sns']['Message']
    print("message = "+message)
    
    bouceComplaintMsg = json.loads(message)
    print("bouceComplaintMsg == "+str(bouceComplaintMsg))

    json_formatted_str_text = pp_json(message )
    if "bounce" in bouceComplaintMsg:
        print("Email is bounce")

        # The email body for recipients with non-HTML email clients.
        BODY_TEXT = "SES: Bounce email notification" +"\r\n"+json_formatted_str_text        

        bounceEmailAddress = bouceComplaintMsg['bounce']['bouncedRecipients'][0]['emailAddress'] 
        bounceReason = bouceComplaintMsg['bounce']['bouncedRecipients'][0]['diagnosticCode'] 
        print("bounceEmailAddress == "+bounceEmailAddress)
        print("bounceReason == "+bounceReason)

        subject = "SES Alert: Email to "+bounceEmailAddress+" has bounced"

        # The HTML body of the email.
        BODY_HTML = """<html>
        <head></head>
        <body>
        <p>Email to %(bounceEmailAddressStr)s has bounced</p>
        <p>Reason: %(bounceReasonStr)s</p>
        <p>Complete details:%(jsonFormattedStr)s</p>
        </body>
        </html>""" %  { "bounceEmailAddressStr": bounceEmailAddress, "bounceReasonStr": bounceReason, "jsonFormattedStr": json_formatted_str_text}
        sendSESEmail (subject, BODY_TEXT, BODY_HTML)
    else:
        print("Email is Complaint")

        # The email body for recipients with non-HTML email clients.
        BODY_TEXT = "SES: Complaint email notification" +"\r\n"+json_formatted_str_text         

        complaintEmailAddress = bouceComplaintMsg['complaint']['complainedRecipients'][0]['emailAddress'] 
        complaintReason = bouceComplaintMsg['complaint']['complaintFeedbackType']
        print("complaintEmailAddress == "+complaintEmailAddress)
        print("complaintReason == "+complaintReason)

        subject = "SES Alert: Email "+complaintEmailAddress+" has raised a Complaint"

        # The HTML body of the email.
        BODY_HTML = """<html>
        <head></head>
        <body>
        <p>Email %(complaintEmailAddressStr)s has raised a Complaint</p>
        <p>Reason: %(complaintReasonStr)s</p>
        <p>Complete details:%(jsonFormattedStr)s</p>
        </body>
        </html>""" %  { "complaintEmailAddressStr": complaintEmailAddress, "complaintReasonStr": complaintReason, "jsonFormattedStr": json_formatted_str_text}
        sendSESEmail (subject, BODY_TEXT, BODY_HTML)


def sendSESEmail(SUBJECT, BODY_TEXT, BODY_HTML):
    # Send the email.
    try:
        #Provide the contents of the email.
        response = sesClient.send_email(
            Destination={
                'ToAddresses': [
                    toEmail,
                ],
                'CcAddresses': [
                    ccEmail,
                ]
            },
            Message={
                'Body': {
                    'Html': {
                        'Charset': CHARSET,
                        'Data': BODY_HTML,
                    },
                    'Text': {
                        'Charset': CHARSET,
                        'Data': BODY_TEXT,
                    },
                },
                'Subject': {
                    'Charset': CHARSET,
                    'Data': SUBJECT,
                },
            },
            Source=fromEmail,
        )
        print("SES Email Sent.....")
    # Display an error if something goes wrong. 
    except ClientError as e:
        print("SES Email sent! Message ID:"+ e.response['Error']['Message'])
    else:
        print("SES Email sent! Message ID:" + response['MessageId'])

def pp_json(json_thing, sort=True, indents=4):
    if type(json_thing) is str:
        print("json is a str")
        return (json.dumps(json.loads(json_thing), sort_keys=sort, indent=indents).replace(' ', '&nbsp;').replace('\n', '<br>'))
    else:
        return (json.dumps(json_thing, sort_keys=sort, indent=indents).replace(' ', '&nbsp;').replace('\n', '<br>'))

def lambda_handler(event, context):
    print(event)
    sendSESAlertEmail(event)

Step 4: Testing and Validation​

Once configured, it's important to test the setup:

• Send test emails that will trigger bounce or complaint notifications.
• Verify that these notifications are received by SNS and correctly trigger the Lambda function.

Step 5: Monitoring and Adjustments​

Regularly monitor the setup through AWS CloudWatch and adjust configurations as necessary to handle any new types of email issues or to refine the process.

Advanced Considerations​

Consider exploring more advanced configurations such as:

• Setting up dedicated Lambda functions for different types of notifications.
• Using AWS KMS (Key Management Service) for encrypting the messages that flow between your services for added security.

Please refer our Newsletter where we provide solutions to creating customer marketing newsletter.

Conclusion​

This setup not only ensures that your organization responds swiftly to critical email events but also helps in maintaining a healthy email environment conducive to effective communication. Automating the handling of email bounces and complaints with AWS SES, SNS, and Lambda represents a proactive approach to infrastructure management, crucial for businesses scaling their operations.