amazon-web-services aws-lambda amazon-ses

Encrypt emails sent from AWS lambda using SES


I am working on a Lambda function using SES to send emails with a CSV file as an attachment. I have the domain identity verified for all my organization teammates.

Any suggestions on the best way to encrypt the data/email so that users are not required to use a decryption key (as many may not have AWS access)? Or is there any way we can make sure only domain users can view this file, so that even if it's forwarded to a non-domain user's email, the attachment cannot be read?


Solution

  • Rather than sending files via email, a better approach would be:

    • Store the file in Amazon S3, as a private object (not publicly accessible)
    • Have the AWS Lambda function generate an Amazon S3 pre-signed URL, which provides time-limited access to private objects in Amazon S3
    • Include the URL in the e-mail
    • Recipients can click the link to download the file, as long as it is within the expiry period

    This is similar to providing a link to a file stored in Dropbox. Only somebody with the link can access the object.
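
The steps in the answer above, sketched as a Lambda function. This is an added example, not code from the original answer; the environment variables `REPORT_BUCKET` and `SENDER`, the event fields `csv` and `recipient`, the `MAX_EXPIRY` ceiling and the use of SSE-S3 encryption at rest are assumptions made for illustration.

```python
import os
import uuid

MAX_EXPIRY = 3600  # assumed policy ceiling (seconds) for how long a link may live


def share_csv(s3, ses, bucket, csv_bytes, sender, recipient, expires=900):
    """Upload the CSV as a private object and e-mail a time-limited link to it."""
    if not 0 < expires <= MAX_EXPIRY:
        raise ValueError("expiry must be between 1 and %d seconds" % MAX_EXPIRY)
    # Random key so the object name is not guessable and reveals nothing.
    key = "reports/%s.csv" % uuid.uuid4().hex
    # No ACL argument is passed, so the object stays private (the S3 default).
    # ServerSideEncryption="AES256" requests SSE-S3 encryption at rest.
    s3.put_object(Bucket=bucket, Key=key, Body=csv_bytes,
                  ContentType="text/csv", ServerSideEncryption="AES256")
    # The expiry is part of the signed query string; it cannot be extended
    # by editing the URL.
    url = s3.generate_presigned_url(
        "get_object", Params={"Bucket": bucket, "Key": key}, ExpiresIn=expires)
    body = "Download your report (link expires in %d minutes):\n%s" % (
        expires // 60, url)
    # The e-mail carries only the link, never the file contents.
    ses.send_email(
        Source=sender,
        Destination={"ToAddresses": [recipient]},
        Message={"Subject": {"Data": "Your report is ready"},
                 "Body": {"Text": {"Data": body}}})
    return key, url


def handler(event, context):
    """Lambda entry point; event fields and env var names are hypothetical."""
    import boto3  # imported here so share_csv can be exercised without AWS
    return share_csv(
        boto3.client("s3"), boto3.client("ses"),
        bucket=os.environ["REPORT_BUCKET"],
        csv_bytes=event["csv"].encode("utf-8"),
        sender=os.environ["SENDER"],
        recipient=event["recipient"])
```

Anyone who holds the link can download the object until it expires, and a URL signed with the function's temporary role credentials stops working when those credentials expire, even if `ExpiresIn` is longer.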