Those 60k free emails only apply when SES is invoked from an EC2 instance or Elastic Beanstalk

> Those 60k free emails only apply when SES is invoked from an EC2 instance or Elastic Beanstalk

What stops you from putting a service running on a free tier EC2 instance to listen to requests to call SES?

Nothing, it's just another layer you have to manage yourself (sidenote: the free tier EC2 instance is free for 12 months since the AWS account creation).

You'd also need to make communication secure, and use some authorization mechanism to avoid abuse and email addresses leaks (or other private information you might be passing to your service to include in the email).

> Nothing, it's just another layer you have to manage yourself

You already have to manage that layer. From your description, the only choice that was really on the table was whether AWS SES was a good enough reason to port a entire system to AWS, or if it was reasonable to just deploy the email firing service to AWS.

> You'd also need to make communication secure, and use some authorization mechanism to avoid abuse and email addresses leaks (or other private information you might be passing to your service to include in the email).

You still need to do that even if the service is running on AWS. Running the SES client in a VPC is also a very poorly researched excuse as you can put up a privatelink connection to get the same effect.

All in all, it's hard to believe that someone thought it was a good idea to port an entire system to a different cloud provider just because they wanted to send emails.

I think they mean having a seperate small service just for mailing on beanstalk.