I want to use Amazon Simple Email Service (Amazon SES) as the SMTP host to send emails from Amazon Managed Workflows for Apache Airflow (Amazon MWAA) DAG tasks.
Resolution
To use Amazon SES as the SMTP host to send emails from Amazon MWAA DAG tasks, complete the following steps:
-
Set up email sending with Amazon SES.
-
Create Amazon SES SMTP credentials to send emails in Amazon MWAA.
Note: The SMTP interface credentials are different from the access keys that you create with AWS Identity Access and Management (IAM) for an SMTP user.
-
Attach your Apache Airflow configuration options to your environment.
-
Set the following values for the configuration options:
email.email_backend to airflow.utils.email.send_email_smtp. See email_backend on the Apache Airflow website.
smtp.smtp_host to **email-smtp.region.**amazonaws.com. Replace region with your AWS Region. See smtp_host on the Apache Airflow website.
smtp.smtp_starttls to False. See smtp_starttls on the Apache Airflow website.
smtp.smtp_ssl to True. See smtp_ssl on the Apache Airflow website.
smtp.smtp_port to 587. See smtp_port on the Apache Airflow website.
Note: Use port 587 for SMTP traffic. By default, AWS blocks outbound SMTP traffic on port 25 from all Amazon Elastic Compute Cloud (Amazon EC2) instances. To send outbound traffic on port 25, request to remove the restriction.
smtp.smtp_mail_from to your email address. See smtp_mail_from on the Apache Airflow website.
-
Use your Amazon SES SMTP credentials to add the configuration options smtp.smtp_user and smtp.smtp_password as plain text.
Note: It's a best practice to store your SMTP credentials in AWS Secrets Manager.
-
Create a Secrets Manager secret for the SMTP user and password. Use a startup script to set the environment variables.
-
Add the following startup.sh script to the Apache Airflow Amazon Simple Storage Service (Amazon S3) bucket:
Note: Your Amazon MWAA execution role must have permission to retrieve individual secret values.
#!/bin/sh
# Get the SMTP username and password from secrets manager
username=$(aws secretsmanager get-secret-value —secret-id airflow/variables/smtp.smtp_user —query SecretString —output text)
password=$(aws secretsmanager get-secret-value —secret-id airflow/variables/smtp.smtp_password —query SecretString —output text)
# Set the SMTP Environment variables with the username and password retrieved from Secrets Manager
export AIRFLOW__SMTP__SMTP_USER=$username
export AIRFLOW__SMTP__SMTP_PASSWORD=$password
# Print the SMTP user
echo "SMTP user is $AIRFLOW__SMTP__SMTP_USER"
-
Update the Amazon MWAA environment with the preceding email configuration options and the Amazon S3 path for the startup script.
Note: When you create or update the environment, the Apache Airflow callbacks for success, failure, and retry use the preceding configuration. You can also use tasks with EmailOperator to send emails. For more information, see airflow.operators.email on the Apache Airflow website.