Debugging Amazon SQS not receiving SES bounce and complaint notifications? I hear you. Navigating and figuring out tons of seemingly identical documentation articles written in the wordiest way feels impossible.
In short, I got it to work by following this basic scenario:
- setting up an SNS topic;
- selecting that topic in Feedback notifications for a specific Verified identity (a domain in my case);
- subscribing a standard SQS queue to that topic.
Here are a few gotchas I had to figure out myself.
- Configuration Set → Event Destinations is not needed in this scenario: on one hand, it won't trigger the SNS topic on its own, and on the other hand, if you trigger the SNS topic using Feedback notifications, it's redundant
- Verified identity → Email feedback forwarding has no effect, unlike what this answer suggests, so you can keep it enabled in order to receive a backup copy of the full complaint over email
- The default access policy that SQS suggests won't work; use this policy, which specifically lists the SNS topic ARN, instead:
  {
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": { "Service": "sns.amazonaws.com" },
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-2:123456789012:MyQueue",
        "Condition": {
          "ArnEquals": {
            "aws:SourceArn": "arn:aws:sns:us-east-2:123456789012:MyTopic"
          }
        }
      }
    ]
  }
- The complaints from the simulator were immediate in my case and I did not have to wait, unlike what answers here suggest
- When setting up Feedback notifications, check Include original headers if you want the notification to include the subject line
Test by using the simulator, available at e.g. complaint@simulator.amazonses.com for complaints. Once you have your complaints in your SQS queue, you can pull them via the API. Or you can drop SQS completely and have your SNS topic send the notifications to you via HTTP requests etc.
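Here is what pulling a notification apart looks like once it is in the queue. This is an added example, not code from the original setup: it assumes raw message delivery is left off on the subscription (so the SQS body is an SNS envelope), and the sample message, message ID and subject are constructed.

```python
import json

# Constructed placeholder; matches the topic ARN in the queue policy above.
EXPECTED_TOPIC = "arn:aws:sns:us-east-2:123456789012:MyTopic"

def parse_feedback(sqs_body, expected_topic=EXPECTED_TOPIC):
    """Unwrap one SQS message body: SNS envelope -> SES bounce/complaint JSON."""
    envelope = json.loads(sqs_body)
    if envelope.get("Type") != "Notification":
        raise ValueError("not an SNS notification envelope")
    if envelope.get("TopicArn") != expected_topic:
        raise ValueError("unexpected TopicArn: %r" % envelope.get("TopicArn"))
    ses = json.loads(envelope["Message"])  # SES payload is a JSON string
    kind = ses.get("notificationType")
    if kind == "Complaint":
        entries = ses["complaint"]["complainedRecipients"]
    elif kind == "Bounce":
        entries = ses["bounce"]["bouncedRecipients"]
    else:
        raise ValueError("unhandled notificationType: %r" % kind)
    mail = ses.get("mail", {})
    # "headers" is only present when Include original headers is checked.
    subject = next((h["value"] for h in mail.get("headers", [])
                    if h["name"].lower() == "subject"), None)
    return {"type": kind, "message_id": mail.get("messageId"), "subject": subject,
            "recipients": [e["emailAddress"] for e in entries]}

def sample_body(with_headers=True, topic=EXPECTED_TOPIC):
    """Build a constructed SQS body shaped like an SES complaint sent via SNS."""
    mail = {"messageId": "EXAMPLE-MESSAGE-ID", "source": "sender@example.com",
            "destination": ["complaint@simulator.amazonses.com"]}
    if with_headers:
        mail["headers"] = [{"name": "Subject", "value": "Hello from the test"}]
    ses = {"notificationType": "Complaint", "mail": mail,
           "complaint": {"complainedRecipients":
                         [{"emailAddress": "complaint@simulator.amazonses.com"}]}}
    return json.dumps({"Type": "Notification", "TopicArn": topic,
                       "Message": json.dumps(ses)})

if __name__ == "__main__":
    # With boto3, each body would come from receive_message()["Messages"][i]["Body"].
    print(parse_feedback(sample_body()))
    print(parse_feedback(sample_body(with_headers=False)))
```

Without Include original headers the `subject` field comes back as `None`, which is a quick way to confirm that setting took effect.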