Deploying Email logging infrastructure
Prerequisites
- Access to an AWS account (with at least SES, SNS and Lambda access).
- MySQL database (preferably RDS).
Create Security Group
- Create a blank security group named email-lambda-rds-access.
- Allow this security group in the inbound rule of the database's security group.
Create Lambda function
- Create a new blank Lambda function named email-logs from the AWS Console with Python runtime and x86_64 architecture.
- Go to the IAM role of the Lambda function and add the AWSLambdaVPCAccessExecutionRole managed policy to the role.
- Download the function code from here and extract it.
- Upload the zip to the Lambda function.
- Go to Configuration > Environment Variables. Click Edit and Add environment variables.
- Add the following keys and their corresponding values:
  - DB_NAME
  - HOST
  - USER
  - PASSWORD
- Go to Configuration > VPC. Click Edit.
- Choose a VPC, Subnets and for security group select email-lambda-rds-access created previously.
Note
The Lambda function and RDS should be in the same VPC.
Create SNS Topic
- Go to the AWS SNS console home.
- Create a new SNS topic named email-logs. Choose standard for topic type.
- Keep all other settings as default.
- Now, go to Subscriptions > Create Subscription.
- Select the ARN of the SNS topic you created just now.
- For Protocol select AWS Lambda.
- Enter the ARN of the Lambda function email-logs created previously.
Configuring SES
- Go to the SES console > Verified Identities and select the identity for which you want to enable logging.
- Go to Notifications > Feedback notifications > Edit.
- For Bounce, Complaint and Delivery feedback select the SNS topic email-logs created previously.
- Check Include original email headers for all types.
Testing
- Send a test email from the identity.
- If everything is configured correctly, an entry appears in the database.
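When no entry appears, it helps to know what the function actually receives. The sketch below is an added example, not the function code linked above: it unwraps the SES notification that SNS delivers to Lambda and builds one row per recipient for a parameterized insert. The table name, column names and sample event are assumptions, and the %s placeholders assume a DB-API MySQL driver such as PyMySQL.

```python
import json

# Hypothetical table and columns; the schema of the downloaded function is not shown on this page.
INSERT_SQL = ("INSERT INTO email_events (message_id, event_type, recipient, detail, event_time) "
              "VALUES (%s, %s, %s, %s, %s)")

# notificationType -> (object holding the details, recipient list key, field kept as detail)
SHAPES = {
    "Bounce": ("bounce", "bouncedRecipients", "bounceType"),
    "Complaint": ("complaint", "complainedRecipients", "complaintFeedbackType"),
    "Delivery": ("delivery", "recipients", "smtpResponse"),
}


def rows_from_event(event):
    """Turn an SNS-triggered Lambda event into one row per affected recipient."""
    rows = []
    for record in event.get("Records", []):
        try:
            note = json.loads(record["Sns"]["Message"])  # SNS carries the SES JSON as a string
            kind = note["notificationType"]
            body_key, rcpt_key, detail_key = SHAPES[kind]
            message_id, body = note["mail"]["messageId"], note[body_key]
            recipients = list(body[rcpt_key])
        except (KeyError, TypeError, ValueError):
            continue  # not an SES feedback notification: skip it, do not fail the batch
        for r in recipients:
            # Bounce/Complaint list objects with emailAddress; Delivery lists plain strings.
            addr = r.get("emailAddress") if isinstance(r, dict) else r
            rows.append((message_id, kind, addr, body.get(detail_key), body.get("timestamp")))
    return rows


def store(cursor, rows):
    """Insert with bound parameters; addresses and SMTP text come from outside parties."""
    if rows:
        cursor.executemany(INSERT_SQL, rows)
    return len(rows)


# Constructed sample: the shape Lambda receives from the SNS subscription.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "notificationType": "Bounce",
    "mail": {"messageId": "constructed-id-0001"},
    "bounce": {"bounceType": "Permanent", "timestamp": "2024-01-01T00:00:00.000Z",
               "bouncedRecipients": [{"emailAddress": "user@example.net"}]},
})}}]}
```

Printing rows_from_event(event) at the top of the handler and checking the function's CloudWatch logs separates a notification-wiring problem from a database connectivity problem.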