AWS CDK constructs to receive emails with SES and forward them to any other email address.
This AWS CDK construct allows you to setup email forwarding mappings in AWS SES to receive emails from your domain and forward them to another email address.
All of this is possible without hosting your own email server, you just need a domain.
For example, if you own a domain example.org and want to receive emails for hello@example.org and privacy@example.org, you can forward emails to whatever@provider.com.
This is achieved by using a Lambda function that forwards the emails using aws-lambda-ses-forwarder.
This construct is creating quite a few resources under the hood and can also automatically verify your domain and email addresses in SES.
Consider reading the Architecture section below if you want to know more about the details.
Forward all emails received under hello@example.org to whatever+hello@provider.com:
new EmailForwardingRuleSet(this, 'EmailForwardingRuleSet', {// make the underlying rule set the active oneenableRuleSet: true,// define how emails are being forwardedemailForwardingProps: [{// your domain name you want to use for receiving and sending emailsdomainName: 'example.org',// a prefix that is used for the From email address to forward your mailsfromPrefix: 'noreply',// a list of mappings between a prefix and target email addressemailMappings: [{// the prefix matching the receiver address as <prefix>@<domainName>receivePrefix: 'hello',// the target email address(es) that you want to forward emails totargetEmails: ['whatever+hello@provider.com']}]}]});
Forward all emails for a domain example.org to whatever+hello@provider.com:
new EmailForwardingRuleSet(this, 'EmailForwardingRuleSet', {// make the underlying rule set the active oneenableRuleSet: true,// define how emails are being forwardedemailForwardingProps: [{// your domain name you want to use for receiving and sending emailsdomainName: 'example.org',// a prefix that is used for the From email address to forward your mailsfromPrefix: 'noreply',// a list of mappings between a prefix and target email addressemailMappings: [{// matches all email addresses for 'example.org'receiveEmail: '@example.org',// the target email address(es) that you want to forward emails totargetEmails: ['whatever+hello@provider.com']}]}]});
Forward all emails to hello@example.org to whatever+hello@provider.com and verify the domain example.org in SES:
new EmailForwardingRuleSet(this, 'EmailForwardingRuleSet', {emailForwardingProps: [{domainName: 'example.org',// let the construct automatically verify your domainverifyDomain: true,fromPrefix: 'noreply',emailMappings: [{receivePrefix: 'hello',targetEmails: ['whatever+hello@provider.com']}]}]});
If you don’t want to verify your domain in SES or you are in the SES sandbox, you can still send emails to verified email addresses.
Use the property verifyTargetEmailAddresses in this case and set it to true.
For a full & up-to-date reference of the available options, please look at the source code of EmailForwardingRuleSet and EmailForwardingRule.
Since the verification of domains requires to lookup the Route53 domains in your account, you need to define your AWS account and region.
You can do it like this in your CDK stack:
const app = new cdk.App();class EmailForwardingSetupStack extends cdk.Stack {constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {super(scope, id, props);new EmailForwardingRuleSet(this, 'EmailForwardingRuleSet', {// define your config here});}}new EmailForwardingSetupStack(app, 'EmailForwardingSetupStack', {env: {account: '<account-id>',region: '<region>'}});
There are probably more - happy to hear them :)
npm i -D @seeebiii/ses-email-forwarding
Take a look at package.json to make sure you’re installing the correct version compatible with your current AWS CDK version.
See more details on npmjs.com: @seeebiii/ses-email-forwarding"">https://www.npmjs.com/package/@seeebiii/ses-email-forwarding
<dependency><groupId>de.sebastianhesse.cdk-constructs</groupId><artifactId>ses-email-forwarding</artifactId><version>4.0.1</version></dependency>
See more details on mvnrepository.com: https://mvnrepository.com/artifact/de.sebastianhesse.cdk-constructs/ses-email-forwarding/
package com.example;import de.sebastianhesse.cdk.ses.email.forwarding.EmailForwardingProps;import de.sebastianhesse.cdk.ses.email.forwarding.EmailForwardingRuleSet;import de.sebastianhesse.cdk.ses.email.forwarding.EmailMapping;import java.util.Arrays;import software.amazon.awscdk.core.App;import software.amazon.awscdk.core.Construct;import software.amazon.awscdk.core.Environment;import software.amazon.awscdk.core.Stack;import software.amazon.awscdk.core.StackProps;public class SesEmailForwardingJavaTestApp {public static void main(final String[] args) {App app = new App();new SesEmailForwardingJavaTestStack(app, "CdkEmailForwardingJavaTestStack", StackProps.builder().env(Environment.builder().account("123456789") // TODO: replace with your account id.region("us-east-1") // TODO: replace with your region.build()).build());app.synth();}static class SesEmailForwardingJavaTestStack extends Stack {public SesEmailForwardingJavaTestStack(final Construct scope, final String id) {this(scope, id, null);}public SesEmailForwardingJavaTestStack(final Construct scope, final String id, final StackProps props) {super(scope, id, props);EmailForwardingProps exampleProperties = EmailForwardingProps.builder().domainName("example.org")// true if you own the domain in Route53, false if you need to manually verify it.verifyDomain(true).fromPrefix("noreply").emailMappings(Arrays.asList(EmailMapping.builder().receiveEmail("hello@example.org").targetEmails(Arrays.asList("email+hello@provider.com")).build(),EmailMapping.builder().receiveEmail("privacy@example.org").targetEmails(Arrays.asList("email+privacy@provider.com")).build())).build();EmailForwardingRuleSet.Builder.create(this, "example-rule-set").ruleSetName("example-rule-set").emailForwardingProps(Arrays.asList(exampleProperties)).build();}}}
pip install ses-email-forwarding
See more details on PyPi: https://pypi.org/project/ses-email-forwarding/
An artifact is pushed up to NuGet.org: https://www.nuget.org/packages/Ses.Email.Forwarding/
# Create a new directorymkdir ExampleApplication && cd ExampleApplication# Scaffold a C# CDK projectcdk init --language csharp# Add dependenciescd src/ExampleApplicationdotnet add package Ses.Email.Forwardingdotnet add package Amazon.CDK.AWS.SNS.Subscriptions# Remove example stack and global suppressions (silenced by way of using discards)rm ExampleApplicationStack.cs GlobalSuppressions.cs
using Amazon.CDK;using Amazon.CDK.AWS.SNS;using Amazon.CDK.AWS.SNS.Subscriptions;using SebastianHesse.CdkConstructs;using Construct = Constructs.Construct;namespace ExampleApplication{public sealed class Program{public static void Main(){var app = new App();_ = new MailboxStack(app, nameof(MailboxStack), new StackProps{Env = new Environment{// Replace with desired accountAccount = "000000000000",// Replace with desired regionRegion = "us-east-1"}});app.Synth();}}public sealed class MailboxStack : Stack{public MailboxStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props){var notificationTopic = new Topic(this, nameof(EmailForwardingProps.NotificationTopic));// 'Bounce' and 'Complaint' notification types, in association with the domain being verified, will be sent// to this email addressnotificationTopic.AddSubscription(new EmailSubscription("admin@provider.com"));_ = new EmailForwardingRuleSet(this, nameof(EmailForwardingRuleSet), new EmailForwardingRuleSetProps{EmailForwardingProps = new IEmailForwardingProps[]{new EmailForwardingProps{// If your domain name has already been verified as a domain identity in SES, this does not// need to be toggled onVerifyDomain = true,// This is the prefix that will be used in the email address used to forward emailsFromPrefix = "noreply",// This domain name will be used to send and receive emailsDomainName = "example.org",// A list of mappings between a prefix and target email addressesEmailMappings = new IEmailMapping[]{new EmailMapping{// Emails received by hello@example.org will be forwardedReceivePrefix = "hello",// Emails will be forwarded to admin+hello@provider.comTargetEmails = new []{"admin+hello@provider.com"}}},// This notification topic be published to when events in association with 'Bounce' and// 'Complaint' notification types occurNotificationTopic = notificationTopic}}});}}}
This package provides two constructs: EmailForwardingRuleSet and EmailForwardingRule.
The EmailForwardingRuleSet is a wrapper around ReceiptRuleSet but adds a bit more magic to e.g. verify a domain or target email address.
Similarly, EmailForwardingRule is a wrapper around ReceiptRule but adds two SES rule actions to forward the email addresses appropriately.
This means if you want the full flexibility, you can use the EmailForwardingRule construct in your stack.
You can also send emails over SES using this construct because it provides the basics for sending emails: a verified SES domain or email address identity.
You need to do the following if you’re using the EmailForwardingRuleSetConstruct:
verifyDomain or verifyTargetEmailAddresses to true.The EmailForwardingRuleSet creates a EmailForwardingRule for each forward mapping.
Each rule contains an S3Action to store the incoming emails and a Lambda Function to forward the emails to the target email addresses.
The Lambda function is just a thin wrapper around the aws-lambda-ses-forwarder library.
Since this library expects a JSON config with the email mappings, the EmailForwardingRule will create an SSM parameter to store the config.
(Note: this is not ideal because an SSM parameter is limited in the size and hence, this might be changed later)
The Lambda function receives a reference to this parameter as an environment variable (and a bit more) and forwards everything to the library.
In order to verify a domain or email address, the EmailForwardingRuleSet construct is using the package @seeebiii/ses-verify-identities"">@seeebiii/ses-verify-identities.
It provides constructs to verify the SES identities.
For domains, it creates appropriate Route53 records like MX, TXT and Cname (for DKIM).
For email addresses, it calls the AWS API to initiate email address verification.
I’m happy to receive any contributions!
Just open an issue or pull request :)
These commands should help you while developing:
npx projen init projen and synthesize changes in .projenrc.js to the projectyarn build compile typescript to jsyarn watch watch for changes and compileyarn test perform the jest unit testsyarn eslint validate code against best practicesThanks a lot to arithmetric for providing the NPM package aws-lambda-ses-forwarder.
This CDK construct is using it in the Lambda function to forward the emails.
Sebastian Hesse - Freelancer for serverless cloud projects on AWS.
MIT License
Copyright (c) 2022 Sebastian Hesse
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.