Mail Automation by AWS SES with Salesforce Integration

Introduction

The business requirement is to automate sending a reply email to an authorized user from a mail ID whose domain and address are registered with Amazon SES. The reply body contains the case ID, which is generated in Salesforce through an AWS Lambda function.

The following AWS services are required.

Amazon SES 

Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables developers to send transactional email or any other type of high-quality content to recipients. Amazon SES helps protect sender reputation through its flexible IP deployment and email authentication options. The service is mainly used to send mail securely and globally.

Use case: a solution for forwarding inbound emails to domains that are not managed by Amazon SES. The rest of this post shows how to forward incoming email to an email address that is managed outside of Amazon SES by deploying Python code in AWS Lambda together with Amazon SES and Amazon S3.

Prerequisites

To complete this use case, we need to have a domain that receives incoming email. If you do not already have a domain, you can purchase one through Amazon Route 53. 

Architecture

This solution uses several AWS services to forward incoming emails to a single, external email address. The following diagram shows the flow of information in this solution.

   

The following actions occur in this solution:
1.    A new email is sent from an external sender to your domain. All incoming mail for your domain is handled by Amazon SES.
2.    An Amazon SES receipt rule saves the incoming message, with its message ID, in an S3 bucket.
3.    An Amazon SES receipt rule triggers the execution of a Lambda function.
4.    The Lambda function retrieves the message ID from S3, and then creates a new case object in Salesforce. Salesforce sends the mail content and the corresponding object ID to Lambda.
5.    Lambda receives that content and sends it to Amazon SES.
6.    Amazon SES sends the message to the destination, i.e., the recipient's mail address.

Email Automation Steps in AWS Cloud Services

Step 1: Set up Your Domain

1.    In Amazon SES, verify the domain that you want to use to receive incoming email. If you are a new user of Amazon SES, you must also verify the recipient's mail address, because your account is in a test environment called the Amazon SES sandbox.

2.    Register that domain and verify it by adding the SES TXT value to the domain. Once the value has been added successfully, AWS verifies the domain within 30 minutes.

3.    Add the following MX record to the DNS configuration for your domain:

10 inbound-smtp.<regionInboundUrl>.amazonaws.com

Replace <regionInboundUrl> with the URL of the email receiving endpoint for the AWS Region that you use Amazon SES in.

4.    Add the SES IP range to your mail domain server. Any IP whitelisting at the organization level should be communicated to AWS.

5.    If your account is still in the Amazon SES sandbox, submit a request to have it removed from the sandbox.

Step 2: Configure Your S3 Bucket

1.    In Amazon S3, create a new bucket or choose an existing bucket.

2.    Configure access by applying the following policy to the bucket:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowSESPuts",
                "Effect": "Allow",
                "Principal": {
                    "Service": "ses.amazonaws.com"
                },
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::<bucketName>/*",
                "Condition": {
                    "StringEquals": {
                        "aws:Referer": "<awsAccountId>"
                    }
                }
            }
        ]
    }

3.    In the policy, make the following changes:

·  Replace <bucketName> with the name of your S3 bucket.

·  Replace <awsAccountId> with your AWS account ID.
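
The policy above scopes the grant with the aws:Referer key. The current Amazon SES documentation conditions the same statement on AWS:SourceAccount and AWS:SourceArn instead, which also ties the grant to a single receipt rule. The variant below is an added example, not part of the original post; <region>, <ruleSetName> and <ruleName> are placeholders for the Region and the receipt rule set and rule you create in Step 5.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSESPuts",
            "Effect": "Allow",
            "Principal": {
                "Service": "ses.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::<bucketName>/*",
            "Condition": {
                "StringEquals": {
                    "AWS:SourceAccount": "<awsAccountId>",
                    "AWS:SourceArn": "arn:aws:ses:<region>:<awsAccountId>:receipt-rule-set/<ruleSetName>:receipt-rule/<ruleName>"
                }
            }
        }
    ]
}
```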

Step 3: Create an IAM Policy and Role:

1.    Create a new IAM policy with the following permissions:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "logs:CreateLogStream",
                    "logs:CreateLogGroup",
                    "logs:PutLogEvents"
                ],
                "Resource": "*"
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "ses:SendRawEmail"
                ],
                "Resource": [
                    "arn:aws:s3:::<bucketName>/*",
                    "arn:aws:ses:<region>:<awsAccountId>:identity/*"
                ]
            }
        ]
    }

In the preceding policy, make the following changes:

·  Replace <region> with the name of the AWS Region that you created the bucket in.

2.    Create a new IAM role. Attach the policy that you just created to the new role.

Step 4: Create a Lambda Function

1.    In the Lambda console, create a new Python 3.7 function from scratch. For the execution role, choose the IAM role that you created in the previous step.

2.    Deploy your Python code that provides the Salesforce support.

3.    Create whatever environment variables are required for Salesforce as follows:

4.    Create the following environment variables for S3 and the mail addresses in the Lambda function:

Key              Value
MailS3Bucket     S3 bucket name that you created earlier.
MailS3Prefix     The path of the folder where you will store message id.
MailSender       The address that the mail to be sent from.
MailRecipient    The address that you want to forward the message to.
Region           The name of the AWS Region that you want to use to send the email.
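
One way to write the function that this step deploys, as an added example rather than the author's code: handle() reads the stored message from S3, obtains a case ID, and sends the reply through SES using the environment variables listed above. create_case and the salesforce_cases module are hypothetical stand-ins for your Salesforce code, and the spam/virus verdict check is an assumption the post does not mention.

```python
import email
import os
from email.message import EmailMessage
from email.policy import default


def build_reply(raw_bytes, case_id, sender, recipient):
    """Build the outgoing mail that carries the Salesforce case ID."""
    original = email.message_from_bytes(raw_bytes, policy=default)
    body = original.get_body(preferencelist=("plain",))
    # Collapse whitespace in the untrusted Subject. EmailMessage also raises
    # ValueError on CR/LF in a header value, which blocks header injection.
    subject = " ".join(str(original["Subject"] or "").split())
    reply = EmailMessage()
    reply["Subject"] = f"[Case {case_id}] {subject}"
    reply["From"] = sender
    reply["To"] = recipient
    text = body.get_content() if body is not None else ""
    reply.set_content(f"Case id: {case_id}\n\n{text}")
    return reply


def handle(event, s3, ses, create_case, env=os.environ):
    """s3 and ses are boto3 clients; create_case is a hypothetical callable
    wrapping your Salesforce code that returns the new case ID."""
    record = event["Records"][0]["ses"]
    # Assumption: skip mail that SES flagged as spam or malware.
    for verdict in ("spamVerdict", "virusVerdict"):
        if record["receipt"].get(verdict, {}).get("status") == "FAIL":
            return {"disposition": "dropped", "reason": verdict}
    prefix = env["MailS3Prefix"].strip("/")
    message_id = record["mail"]["messageId"]
    key = f"{prefix}/{message_id}" if prefix else message_id
    raw = s3.get_object(Bucket=env["MailS3Bucket"], Key=key)["Body"].read()
    case_id = create_case(raw)
    reply = build_reply(raw, case_id, env["MailSender"], env["MailRecipient"])
    ses.send_raw_email(
        Source=env["MailSender"],
        Destinations=[env["MailRecipient"]],
        RawMessage={"Data": reply.as_bytes()},
    )
    return {"disposition": "sent", "case_id": case_id, "key": key}


def lambda_handler(event, context):
    import boto3  # provided by the Lambda runtime
    from salesforce_cases import create_case  # hypothetical module
    ses = boto3.client("ses", region_name=os.environ["Region"])
    return handle(event, boto3.client("s3"), ses, create_case)
```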

Step 5: Create a receipt Rule Set:

1.    In the Amazon SES console, create a new receipt rule set.

2.    Add an S3 action to the receipt rule set that you just created. Configure the S3 action to send your email to the S3 bucket that you created earlier.

3.    Add the Lambda function and S3 actions to the receipt rule in the Actions tab.

Step 6: Test the Function

To test the function, send an email to the recipient mail address that is in the receipt rule created earlier. In a minute or two, the email should arrive in the inbox that you specified in the MailRecipient variable of the Lambda function.

Troubleshooting

If the mail does not arrive at the destination email address after you send a test mail, do the following:

·  Check the Amazon SES receipt rule and make sure that it is active.

·  Make sure that the recipient email address matches the one specified in the MailRecipient variable of the Lambda function.

·  Check for errors in the CloudWatch log for the Lambda function that you created.

·  Subscribe an email address or corresponding phone number to the SNS topic and send another test email.

If you receive a bounce notification after sending a test mail, do the following:

·  Make sure that the domain verification process has completed successfully.

·  Make sure that the receipt rule handles the email address that you are sending to.

Costs of using this solution

Refer to the following link for cost-related queries.

https://aws.amazon.com/ses/pricing/

Limitations

This solution is supported in all AWS Regions where Amazon SES is available.

Conclusion

·  This solution makes it possible to forward incoming email from one of the Amazon SES verified domains to a verified email address.

·  This solution can also be used if you have multiple AWS accounts and want to send all incoming mail from each of those accounts to a single destination.

 

 

 
