Maybe someone else can answer the SES-specific implementation details pertaining to your question, so take my following answer with a grain of salt.
Basic auth is a challenge-response mechanism, so it is generally considered best practice to only send credentials when prompted. This allows for redirects to occur for example (e.g. upgrade the connection to HTTPS if initiated over HTTP), so the credentials only being sent when necessary.
Proper handling of SES bounces sent to sender's reply address (when already using SNS service to handle bounces)Accepted Answerasked 10 months ago
SES Open and Click Tracking Not WorkingAccepted Answerasked 4 years ago
Can we send email notifications from SNS using our own domain?Accepted Answerasked 6 months ago
Simple Email Service (SES) notifications via Simple Notification Service (SNS) - JSON sent is different from documenation?asked 8 months ago
SNS HTTPS Subscription - Invalid parameter: Unreachable Endpointasked 7 months ago
WAF managed rules blocking SES incoming email notificationsasked 9 months ago
AWS SNS SES notifications to basic-auth HTTPS endpoint always sent twiceasked 22 days ago
Can't understand how to get SNS event data via HTTPS API endpoint protocolasked 3 months ago
Some of my domains set in SES didn't send notifications to my SNS topic.asked 2 years ago
Sensing SNS email notifications from my domainasked 8 months ago