How can I use Amazon SES to receive inbound emails, and then store those emails on Amazon S3?

5 minute read
0

I want to use Amazon Simple Email Service (Amazon SES) to receive inbound emails, and store the emails for archiving or further processing.

Resolution

Note: Before you start, verify that your endpoint is in an AWS Region that supports email receiving. Except for Amazon S3 buckets, all the AWS resources that you use for receiving email with Amazon SES must be in the same AWS Region as the Amazon SES endpoint.

Verify your email domain with Amazon SES

Verify the domain that you want to use for receiving emails.

Publish an MX record for Amazon SES to receive emails

For Amazon SES to receive your domain's inbound emails, publish a mail exchanger record (MX record). Include an Amazon SES inbound receiving endpoint in the domain DNS configuration.

Set up an Amazon S3 bucket with the permissions to store emails from Amazon SES

1.    Open the Amazon S3 console.

2.    Create an Amazon S3 bucket.

3.    Select the bucket name from the bucket list.

4.    Choose the Permissions tab.

5.    Choose Bucket Policy.

6.    Under Bucket policy editor, enter the following policy.
Replace AWSDOC-EXAMPLE-BUCKET with the name of the S3 bucket that you want to write to.
Replace 111122223333 with your AWS account ID. Replace region with the AWS Region where you want to create the receipt rule. Replace rule_set_name with the name of the rule set that contains the receipt rule. Replace receipt_rule_name with the name of the receipt rule. If you don't have a configured rule_set_name and receipt_rule_name in Amazon SES, then you can use any values to configure the bucket policy. Use the same values when you create the rule set and rule in the next section.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"AllowSESPuts",
      "Effect":"Allow",
      "Principal":{
        "Service":"ses.amazonaws.com"
      },
      "Action":"s3:PutObject",
      "Resource":"arn:aws:s3:::AWSDOC-EXAMPLE-BUCKET/*",
      "Condition":{
        "StringEquals":{
          "AWS:SourceAccount":"111122223333",
          "AWS:SourceArn": "arn:aws:ses:region:111122223333:receipt-rule-set/rule_set_name:receipt-rule/receipt_rule_name"
        }
      }
    }
  ]
}

7.    Choose Save.
Note: For more information about this policy, see Give Amazon SES permission to write to an Amazon S3 bucket.

Create an Amazon SES receipt rule that sends inbound emails to the S3 bucket

  1. Open the Amazon SES console.
  2. In the navigation pane, under All rule sets, choose Email Receiving.
  3. To add the rule to an active rule set, proceed to step 4. To create a new rule set, choose Create a Rule Set, enter a rule set name, and then choose Create a Rule Set.
    Note: If you create a new rule set, select the rule set, and then choose Set as Active Rule Set. Only one of your receipt rule sets can be the active rule set at any given time.
  4. Choose Active Rule Set.
  5. Choose Create Rule.
    Note: You can also choose to update an existing rule with the same values that are described in the following steps.
  6. Enter a unique rule name. If your use case requires TLS or spam and virus scanning, then choose Require TLS or Enable spam and virus scanning. To make this an active rule, select the Enabled checkbox.
  7. Choose Next.
  8. To store only emails that Amazon SES sends to a specific verified domain, choose Add Recipient conditions, and then enter the email addresses as recipients. To store all emails that Amazon SES sends to all verified domains, don't enter any email addresses. Then, choose Next.
  9. Choose Add new action, and then choose Deliver to S3 bucket. Complete the following steps:      
    For S3 bucket, choose the bucket that you created to store emails.         
    For Object key prefix, enter an S3 prefix where you want to store the emails. If you leave this field blank, then Amazon SES stores emails at the root of the bucket.
    (Optional) Choose Message encryption for Amazon SES to use an AWS Key Management Server (AWS KMS) key to encrypt your emails.
    Note: If you're using a key other than the default root key, then you must grant Amazon SES permissions for using the AWS KMS key. Amazon SES uses Amazon S3 encryption client to encrypt your email before sending the email to the S3 bucket for storage. Amazon SES doesn't use Amazon S3 server-side encryption to encrypt your email.
  10. (Optional) For SNS topic, select an Amazon Simple Notification Service (Amazon SNS) topic to notify you when Amazon SES delivers an email to the S3 bucket.
  11. Choose Next.
  12. Choose Create Rule.

Test the Amazon SES rule

  1. Open the Amazon SES console.
  2. In the navigation pane, choose Verified identities.
  3. Select your verified domain.
  4. Choose Send a Test Email. Then, complete these fields:
    For Email format, choose Formatted.
    For From-address, enter the email address that you want to send to the test email from.
    Under Scenario, choose Custom.
    For Custom recipient, enter an email address with the domain that you want to test.
    For Subject and Body, enter an example email text.
  5. Choose Send Test Email.
  6. Open the Amazon S3 console.
  7. Open the bucket that you configured to store the Amazon SES emails.
  8. Verify that the bucket contains the test email that you sent. It can take a few minutes for the test email to appear.

Related information

Why aren't my inbound emails on Amazon SES arriving or saving to my Amazon S3 bucket?

Setting up Amazon SES email receiving

Receive and process incoming email with Amazon SES

AWS OFFICIAL
AWS OFFICIALUpdated a year ago
5 Comments
  1. In the navigation pane, under Email Receiving, choose Rule Sets. In this step I don't see "Email Receiving". Why?
replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied a year ago

@rePost-User-1773121 the Email Receiving option is not available in all AWS regions. At the moment only 3 regions support Email Receiving: https://docs.aws.amazon.com/ses/latest/dg/regions.html#region-receive-email

AWS
bruno_g
replied 7 months ago

Where can I find documentation on how to receive emails in an external email client like Thunderbird? Sending works fine and the emails are stored in an s3 bucket and received in workmail, but never received in the email client. thanks

Aaron
replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 6 months ago