Automating Email Forwarding Setup using SES Domain Identity
When automating email forwarding using AWS Simple Email Service (SES), we need to create and verify a domain identity and set up receipt rules to handle inbound email. Optionally, you can also add DKIM (DomainKeys Identified Mail) settings, which let recipients confirm that the emails were not tampered with in transit.
Below is a Pulumi program in TypeScript that automates the setup of a domain identity in SES and configures email forwarding by creating the necessary receipt rule. The specific steps undertaken in the code are:
- Create an SES domain identity.
- Verify the created domain identity (usually requires adding DNS records to your DNS provider, which is a manual step outside the scope of this automation).
- Create an SES receipt rule to define actions when emails are received (in this case, storing the email in an S3 bucket, from where it can be forwarded to a specified address).
Here's the program:
```typescript
import * as aws from "@pulumi/aws";

// Replace with your domain and target email address.
const domainName = "example.com";
// Not used by the rule below; a later forwarding step would read it.
const targetEmailAddress = "forward-to@example.com";

// Create a new SES domain identity.
const domainIdentity = new aws.ses.DomainIdentity("my-domain-identity", {
    domain: domainName,
});

// Verify the SES domain identity.
// Normally, you need to add the TXT record to your DNS settings manually.
const domainIdentityVerification = new aws.ses.DomainIdentityVerification("my-domain-identity-verification", {
    domain: domainIdentity.id,
});

// Create an SES receipt rule set (a collection of rules).
// ruleSetName is a required argument. SES only evaluates the rule set that is
// currently active in the account and region.
const ruleSet = new aws.ses.ReceiptRuleSet("my-rule-set", {
    ruleSetName: "my-rule-set",
});

// Create an SES receipt rule for emails received at this domain.
const receiptRule = new aws.ses.ReceiptRule("my-receipt-rule", {
    ruleSetName: ruleSet.ruleSetName,
    recipients: [domainName],
    enabled: true,
    s3Actions: [
        {
            position: 0,
            bucketName: "my-emails-bucket",
            objectKeyPrefix: "emails/", // Emails will be saved with this prefix in S3.
        },
    ],
    // You can add more actions, like bouncing, adding headers, or even processing with AWS Lambda.
    // For the sake of simplicity, the current rule just stores the incoming emails to S3.
});

// Export the domain name and the S3 bucket name.
export const emailDomain = domainName;
// s3Actions is an Output that may be undefined, so unwrap it with apply().
export const bucketNameForEmails = receiptRule.s3Actions.apply(actions => actions?.[0]?.bucketName);
```
Explanation of the key parts:
- `aws.ses.DomainIdentity`: Configures SES to accept emails for the given domain.
- `aws.ses.DomainIdentityVerification`: Completes the verification of the SES domain identity by waiting for it to succeed. Note that you'll need to manually add DNS records provided by AWS to your DNS provider.
- `aws.ses.ReceiptRuleSet`: Represents a collection of receipt rules.
- `aws.ses.ReceiptRule`: Defines the actions SES should take when an email is received. Here, it stores the received emails in an S3 bucket using the `s3Actions` property.
Important things to note:
- Normally, verifying a domain identity in SES requires a manual step: you have to add a TXT record with your DNS provider. This cannot be automated through SES as it depends on your domain registrar or DNS provider's API.
- The program does not automatically configure a forwarding action (like sending to another email address) because AWS SES does not natively support direct email forwarding in this way. Instead, emails are saved to S3, from where you could further process them using additional AWS services such as AWS Lambda.
- Replace `my-emails-bucket` with the actual S3 bucket you want to use for storing emails. You will need to create this bucket separately, as this code assumes the bucket already exists. Be sure you set up the bucket with the proper policy to accept writes from SES.
- In production, you'd likely want to add more features, like proper error handling, logging, sending notifications, and integrating with services to process or forward the email programmatically.
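The bucket policy mentioned in the notes above, as an added example that is not part of the original program: it builds a policy that lets only one receipt rule in one account write under the email prefix, and flags SES statements that lack that scoping. The account ID, region, rule names and function names are constructed placeholders; use the names actually deployed.

```typescript
// Added example. All identifiers and sample values here are constructed.
interface Statement {
  Sid: string;
  Effect: "Allow" | "Deny";
  Principal: { Service: string };
  Action: string;
  Resource: string;
  Condition?: { StringEquals?: Record<string, string> };
}
interface Policy { Version: "2012-10-17"; Statement: Statement[] }

interface SesWriter {
  bucket: string; prefix: string; accountId: string;
  region: string; ruleSetName: string; ruleName: string;
}

// Allow s3:PutObject only for this account's named receipt rule, only under
// the prefix. Without the conditions, any account's SES rule could target the bucket.
function buildSesWritePolicy(w: SesWriter): Policy {
  if (!/^\d{12}$/.test(w.accountId)) throw new Error("accountId must be 12 digits");
  const ruleArn = `arn:aws:ses:${w.region}:${w.accountId}:` +
    `receipt-rule-set/${w.ruleSetName}:receipt-rule/${w.ruleName}`;
  return {
    Version: "2012-10-17",
    Statement: [{
      Sid: "AllowSESPuts",
      Effect: "Allow",
      Principal: { Service: "ses.amazonaws.com" },
      Action: "s3:PutObject",
      Resource: `arn:aws:s3:::${w.bucket}/${w.prefix}*`,
      Condition: { StringEquals: { "AWS:SourceAccount": w.accountId, "AWS:SourceArn": ruleArn } },
    }],
  };
}

// Review helper: Sids of Allow statements that trust the SES service principal
// without pinning it to a source account or rule ARN (confused-deputy exposure).
function unscopedSesStatements(p: Policy): string[] {
  return p.Statement
    .filter(s => s.Effect === "Allow" && s.Principal.Service === "ses.amazonaws.com")
    .filter(s => {
      // IAM condition keys are case-insensitive, so compare in lower case.
      const keys = Object.keys(s.Condition?.StringEquals ?? {}).map(k => k.toLowerCase());
      return keys.indexOf("aws:sourceaccount") === -1 && keys.indexOf("aws:sourcearn") === -1;
    })
    .map(s => s.Sid);
}
```

The result of `JSON.stringify(buildSesWritePolicy(...))` is the document to attach to the bucket as its policy.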
Remember that you can find more details about each AWS SES resource at the Pulumi AWS Provider documentation: