Sending SES emails triggered from another region

My stack exists in ap-southeast-2 yet SES is only offered in 3 regions, closest being us-west-2.

I want to send an email triggered by a DynamoDB stream new image event, of which the table exists in a different region.

I have attempted to do this all in the one serverless stack, but have since split it out (thus the long stream ARN as a string - see below) - to no avail!

My trimmed serverless setup is:

...

provider:
  name: aws
  runtime: nodejs6.10
  stage: ${opt:stage, self:custom.defaultStage}
  region: us-west-2
  environment: ${file(../../env.yml)}

...

functions:
  notify:
    handler: notify.newThing
    events:
      - stream:
          type: dynamodb
          batchSize: 1
          startingPosition: LATEST
          arn: 'arn:aws:dynamodb:ap-southeast-2:${self:provider.environment.awsAccountNumber}:table/${self:provider.environment.thingTable}-${self:provider.stage}/stream/*'

It actually won’t let me do this, error when I deploy is:

Event source region must match Lambda region us-west-2.

So, any crafty way I can trigger an email to send via SES (from us-west-2) when all of my stack exists in ap-southeast-2?

Run the lambda trigger in the same region as the DynamoDB table. When constructing the AWS.SES service in the lambda, pass in the region to connect to like this:

const ses = new AWS.SES({region: ‘us-west-2’});
ses.sendEmail(…)

I’ve got a lambda in us-east-2 sending emails out through SES in us-east-1 this way

2 Likes

Thanks @bwinant, this was something I was missing. I was updating the region (AWS.config.region = xxx) but not instantiating SES like this.

I also was missing the iamRoleStatements effect:

  iamRoleStatements:
    - Effect: 'Allow'
      Action:
        - 'ses:SendEmail'
      Resource:
        - 'arn:aws:ses:us-west-2:${self:provider.environment.awsAccountNumber}:*'