Deploying Email logging infrastructure

Prerequisites

  1. Access to an AWS account (with at least SES, SNS and Lambda access).
  2. MySQL database (preferably RDS).

Create Security Group

  1. Create a blank security group named email-lambda-rds-access.
  2. Allow this security group in the inbound rule of the database's security group.

Create Lambda function

  1. Create a new blank Lambda function named email-logs from the AWS Console with Python runtime and x86_64 architecture.
  2. Go to the IAM role of the Lambda function and add the AWSLambdaVPCAccessExecutionRole managed policy to the role.
  3. Download the function code from here and extract it.
  4. Upload the zip to the Lambda function.
  5. Go to Configuration > Environment Variables. Click Edit and Add environment variables.
  6. Add the following keys and their corresponding values:
    • DB_NAME
    • HOST
    • USER
    • PASSWORD
  7. Go to Configuration > VPC. Click Edit.
  8. Choose a VPC and subnets, and for the security group select email-lambda-rds-access, created previously.

Note

The Lambda function and RDS should be in the same VPC.

Create SNS Topic

  1. Go to the AWS SNS console home.
  2. Create a new SNS topic named email-logs. Choose standard for topic type.
  3. Keep all other settings as default.
  4. Now, go to Subscriptions > Create Subscription.
  5. Select the ARN of the SNS topic you created just now.
  6. For Protocol select AWS Lambda.
  7. Enter the ARN of the Lambda function email-logs created previously.

Configuring SES

  1. Go to the SES console > Verified Identities and select the identity for which you want to enable logging.
  2. Go to Notifications > Feedback notifications > Edit.
  3. For Bounce, Complaint and Delivery feedback select the SNS topic email-logs created previously.
  4. Check Include original email headers for all types.

Testing

  1. Send a test email from the identity.
  2. If all the configurations are correct, an entry can be seen in the database.
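
When a test entry does not appear, it helps to know what the function receives: SNS wraps each SES Bounce, Complaint or Delivery notification as a JSON string in Records[].Sns.Message. The handler below is an added example, not the function code linked above; the pymysql driver, the email_logs table and its column names are assumptions, and the sample event is constructed.

```python
import json
import os

# Constructed sample: the SNS event Lambda receives for an SES bounce notification.
SAMPLE_EVENT = {"Records": [{"EventSource": "aws:sns", "Sns": {"Message": json.dumps({
    "notificationType": "Bounce",
    "mail": {"messageId": "constructed-message-id-0001", "source": "sender@example.com",
             "timestamp": "2024-01-01T00:00:00.000Z",
             "commonHeaders": {"subject": "Welcome"}},
    "bounce": {"bounceType": "Permanent",
               "bouncedRecipients": [{"emailAddress": "user@example.org"}]},
})}}]}

def parse_ses_records(event):
    """Return one row tuple per affected recipient in an SNS-wrapped SES notification."""
    rows = []
    for record in event.get("Records", []):
        msg = json.loads(record["Sns"]["Message"])
        kind = msg.get("notificationType")
        mail = msg.get("mail", {})
        if kind == "Bounce":
            rcpts = [r["emailAddress"] for r in msg["bounce"]["bouncedRecipients"]]
        elif kind == "Complaint":
            rcpts = [r["emailAddress"] for r in msg["complaint"]["complainedRecipients"]]
        elif kind == "Delivery":
            rcpts = msg["delivery"]["recipients"]
        else:
            continue  # skip anything that is not a feedback notification
        # commonHeaders is present only when original headers are included.
        subject = mail.get("commonHeaders", {}).get("subject")
        rows += [(mail.get("messageId"), kind, mail.get("source"), rcpt, subject,
                  mail.get("timestamp")) for rcpt in rcpts]
    return rows

def lambda_handler(event, context):
    import pymysql  # assumed driver, packaged with the function
    rows = parse_ses_records(event)
    conn = pymysql.connect(host=os.environ["HOST"], user=os.environ["USER"],
                           password=os.environ["PASSWORD"], database=os.environ["DB_NAME"])
    try:
        with conn.cursor() as cur:
            # Parameterized insert: subject and addresses are message-derived text.
            cur.executemany(
                "INSERT INTO email_logs"  # hypothetical table and columns
                " (message_id, type, source, recipient, subject, sent_at)"
                " VALUES (%s, %s, %s, %s, %s, %s)", rows)
        conn.commit()
    finally:
        conn.close()
    return {"logged": len(rows)}
```

Calling parse_ses_records(SAMPLE_EVENT) locally shows the rows that would be written, without needing the database or the VPC.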