When building event-driven SaaS applications, it's easy to get hyper-focused on the features and forget about the legalities.
My application uses an Amazon EventBridge cron job to trigger an SQS queue, which invokes a Lambda to analyze finances with Bedrock and send a daily email via SES. It works perfectly. Too perfectly. Users had no way to stop the emails.
The Risk
AWS strictly monitors bounce and complaint rates on SES. If I don't provide a 1-click unsubscribe link, my domain reputation will tank, and AWS will revoke my production access.
The Serverless Solution
Instead of spinning up a separate API, I handled this directly within my existing Lambda Function URL architecture:
- The Interceptor: I updated my lambda_function.py to catch HTTP GET requests looking for action=unsubscribe.
```python
if http_method == 'GET' and query_params.get('action') == 'unsubscribe':
    unsub_user = query_params.get('user_id')
    if unsub_user:
        # Flip the opt-out flag on the user's stored profile
        profile = get_user_profile(unsub_user, "User")
        profile['wants_daily_email'] = False
        save_user_profile(profile)
        return {
            'statusCode': 200,
            'headers': {"Content-Type": "text/html"},
            'body': "..."  # HTML confirmation page markup, elided
        }
```
- The Fan-Out Filter: When EventBridge wakes up the Lambda to queue the emails, it now reads the DynamoDB profile first. If wants_daily_email is False, the user is never added to the SQS queue, saving both the user's inbox and my compute costs.
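The interceptor above acts on whatever user_id arrives in the query string, so anyone who can guess or enumerate an ID can switch off another user's emails. The following is an added example, not code from the original post: it binds each unsubscribe link to its user with an HMAC token and checks it before touching the profile. The names make_unsub_token, verify_unsub_token, build_unsub_link and handle_unsubscribe, the token query parameter, the key and the in-memory profiles dict are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample key. Assumption: the real key is loaded from a secret
# store or environment variable, never hard-coded or shipped in the email.
UNSUB_KEY = b"constructed-sample-key"

def make_unsub_token(user_id, key=UNSUB_KEY):
    """HMAC-SHA256 over user_id, URL-safe base64 without padding."""
    tag = hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).rstrip(b"=").decode("ascii")

def verify_unsub_token(user_id, token, key=UNSUB_KEY):
    """True only if token was issued for exactly this user_id."""
    if not user_id or not token:
        return False
    expected = make_unsub_token(user_id, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("ascii"),
                               token.encode("utf-8", "replace"))

def build_unsub_link(base_url, user_id):
    """Link placed in each daily email (base_url is a placeholder)."""
    qs = urlencode({"action": "unsubscribe", "user_id": user_id,
                    "token": make_unsub_token(user_id)})
    return f"{base_url}?{qs}"

def handle_unsubscribe(http_method, query_params, profiles):
    """Hypothetical variant of the interceptor; `profiles` is an in-memory
    dict standing in for get_user_profile/save_user_profile."""
    if http_method != "GET" or query_params.get("action") != "unsubscribe":
        return None  # not an unsubscribe request; normal routing continues
    user_id = query_params.get("user_id")
    if not verify_unsub_token(user_id, query_params.get("token")):
        # Rejected before any profile lookup, so nothing is revealed
        # about which user IDs exist.
        return {"statusCode": 403, "headers": {"Content-Type": "text/plain"},
                "body": "Invalid unsubscribe link."}
    if user_id in profiles:
        profiles[user_id]["wants_daily_email"] = False
    return {"statusCode": 200, "headers": {"Content-Type": "text/plain"},
            "body": "You have been unsubscribed."}
```

Mail security scanners often fetch GET links before the recipient sees them, which can unsubscribe users unintentionally; RFC 8058 one-click unsubscribe addresses this by having the mail client send a POST, signalled with the List-Unsubscribe-Post header.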
Always build the exit door before you launch.
