Log Management
Alerting
Destinations
Amazon SES

Amazon SES

Deliver alert mail through Amazon SES instead of raw SMTP—ideal when you already standardise on AWS for outbound email. Set alert: ses and supply ses_email, ses_from_addr, and AWS auth as needed.

Use Options for key-by-key reference, then Full working example for copy-paste YAML you can tailor to your stack.

Options

Keys below match the ElastAlert 2 alerter. Shared rule fields such as alert_subject apply as described in Subject & body. Example fragments from the ElastAlert 2 reference appear indented under the option they illustrate (add your own name, type, index, and filter to make a full rule).

Required

  • ses_email — An address or list of addresses to sent the alert to.

single address example

 ses_email: "one@domain"

multiple address example

 ses_email:
   - "one@domain"
   - "two@domain"
  • ses_from_addr — This sets the From header in the email.

Optional

  • ses_aws_access_key — An access key to connect to AWS SES with.

Example When not using aws_profile usage

 alert:
   - "ses"
 ses_aws_access_key_id: "XXXXXXXXXXXXXXXXXX"
 ses_aws_secret_access_key: "YYYYYYYYYYYYYYYYYYYY"
 ses_aws_region: "us-east-1"
 ses_from_addr: "[email protected]"
 ses_email: "[email protected]"

  • ses_aws_secret_key — The secret key associated with the access key.

  • ses_aws_region — The AWS region in which the AWS SES resource is located. Default is us-east-1

  • ses_aws_profile — The AWS profile to use. If none specified, the default will be used.

Example When to use aws_profile usage

 # Create ~/.aws/credentials
 
 [default]
 aws_access_key_id = xxxxxxxxxxxxxxxxxxxx
 aws_secret_access_key = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
 
 # Create ~/.aws/config
 
 [default]
 region = us-east-1
 
 # alert rule setting
 
 alert:
   - "ses"
 ses_aws_profile: "default"
 ses_from_addr: "[email protected]"
 ses_email: "[email protected]"

  • ses_email_reply_to — This sets the Reply-To header in the email.

  • ses_cc — This adds the CC emails to the list of recipients. By default, this is left empty.

single address example (2)

 ses_cc: "one@domain"

multiple address example (2)

 ses_cc:
   - "one@domain"
   - "two@domain"
  • ses_bcc — This adds the BCC emails to the list of recipients but does not show up in the email message. By default, this is left empty.

single address example (3)

 ses_bcc: "one@domain"

multiple address example (3)

 ses_bcc:
   - "one@domain"
   - "two@domain"

Full working example

name: Example alert for Amazon SES
type: any
index: "*-*"
filter:
  - query:
      query_string:
        query: "level:error OR log.level:error"
alert:
  - "ses"
ses_email: "[email protected]"
ses_from_addr: "[email protected]"
ses_aws_region: "eu-west-1"
AlertmanagerAmazon SNS