My organization's AWS account got an alert that we sent over 10,000 emails last week, many of which were marked as spam.
The catch is: No emails were supposed to be sent, we don't know who did it, and thus we're suspecting that it was a malicious actor.
How can we see a history of all emails sent and log all future SES emails? Specifically, can we see the contents of those emails? Is there a way we can determine who/which user sent those emails?
I'd like to emphasize that I need to see all emails sent by SES, regardless of region or any other parameters.
Any other tips or tricks?
This tutorial seems like overkill: https://aws.amazon.com/premiumsupport/knowledge-center/ses-email-sending-history/
yes using CloudWatch Metrics you can easily find all the metrics associated with ses, for future try using a notification system using cloudwatch and sns when something happens
Docs https://docs.aws.amazon.com/ses/latest/dg/monitor-sending-activity-console.html
Yes use cloud trail events
I am afraid No, you can't, you might need to build custom solution like creating an event, and then processing contents with lambda.