I'm getting runtime exception:
AccessDenied: User arn:aws:sts::431535252:assumed-role/...some-lambda' is not authorized to perform 'ses:SendEmail' on resource `arn:aws:ses:us-east-1:52452465462:identity/contact@somedomain.com
Looking at the docs here, I wasn't able to figure out how to grant that permission.
Currently, need to manually add a policy to the execution role for the lambda:
theLambda.addToRolePolicy(new iam.PolicyStatement({
actions: ['ses:SendEmail', 'SES:SendRawEmail'],
resources: ['*'],
effect: iam.Effect.ALLOW,
}));