I have an Elasticsearch 2.1.x cluster + Shield + Watcher installed on AWS EC2 instances. Would like to be able to send email using AWS Simple Email Service (SES), but security team insists that IAM roles be used instead of the SES username and password. Is there a plugin for Watcher that either supports IAM integration or supports calling custom code when condition statement of an action is true? cloud-aws-plugin doesn't seem to support SES. I know webhook could be used to call custom code -- I'm looking for alternatives to building a highly reliable web service just for handling watcher requests to send email via SES.
Alternatively we might be able to get approval to use the SES username / password if it can be encrypted in the config file somehow. Any ideas? Thanks in advance