Export SES bounce notifications to a location where the VM team can view and search them

[jsf9k]

💡 Summary

There is an SNS topic that is triggered whenever we have a bounce notification from SES. Whenever the topic is triggered we currently send emails to the vulnerability inbox and to the dev team. Given the uselessness of the vulnerability inbox, we should export these notifications somewhere where the VM team can view and search them.

Motivation and context

@jeffkause mentioned to me this morning that the VM team would like to be able to view and search these notifications in something like a CloudWatch log group.

Implementation notes

SNS topics allow these types of subscriptions:

• A Lambda
• An SQS queue
• A Kinesis firehose
• Email
• SMS
• An HTTPS endpoint

Acceptance criteria

How do we know when this work is done?

• [ ] The VM team can view and search SES bounce notifications.

[felddy]

SWAG: current bounce notifications volume is normally around 300 weekly:

• ~200 from the weekly reports
• ~100 from daily notifications

[jsf9k]

We could dump the bounces to an S3 bucket and let them use AWS Athena to search them.