Post Syndicated from agardezi original https://aws.amazon.com/blogs/messaging-and-targeting/replace-traditional-email-mailbox-polling-with-real-time-reads-using-amazon-ses-and-lambda/
Integrating emails into an automated workflow for automated processing can be challenging. Traditionally, applications have had to use the POP protocol to connect to mail servers and poll for emails to arrive in a mailbox and then process the messages inline and perform actions on the message. This can be an inefficient mechanism and prone to errors that result in the workflow missing messages. Since this method requires polling it’s not great if you need real-time processing of messages and introduces inefficiencies in the design. Amazon Simple Email Service (Amazon SES) is a cost effective, scalable and flexible email service with support for different workflows including the ability to perform spam checks and virus scans. In this blog you will see how to use Amazon SES with AWS Lambda and Amazon S3 in order to automate the processing of emails in real time and integrate with an application without the need for polling.
The use case explored in this blog focuses on automation for CRM or order processing platforms and processing of email related to customer contact or direct email requests. An example of this use case is copying a client engagement email to Salesforce (or any other database) where it is recorded and can later be categorized or attached to the appropriate client account or opportunity. When designing an application that needs to read emails from a mailbox, a developer would traditionally have to use a mail library (like JavaMail if using Java) to make a call to the mailbox, authenticate and then pull messages into an application object. This would mean polling the mailbox every 10 – 15 minutes to check for new messages, handle errors when the mailbox is unavailable and maintaining a fully functioning mailbox. This solution can help you implement automated processing of emails arriving in a mailbox without the need to poll the mailbox. The entire solution will be implemented in a serverless fashion.
Solution
This blog post shows how to use SES to perform automated processing of email in an application workflow. I will use the option in SES to save received emails in S3 and trigger a Lambda function to process the message without having to poll a mailbox. This sample application demo is using email to receive simple orders which get automatically processed and the details stored in DynamoDB. The following diagram shows the high-level architecture:
Step 1: Create an S3 Bucket for Email Storage
Start by creating an S3 bucket where received emails will be stored in order for the full email to be processed by the lambda. The bucket must have a policy attached so SES can put objects in the bucket on your behalf:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AllowSESPuts",
"Effect":"Allow",
"Principal":{
"Service":"ses.amazonaws.com"
},
"Action":"s3:PutObject",
"Resource":"arn:aws:s3:::myBucket/*",
"Condition":{
"StringEquals":{
"aws:Referer":"111122223333"
}
}
}
]
}
Make the following changes to the preceding policy example:
- Replace myBucket with the name of the Amazon S3 bucket that you want to write to.
- Replace 111122223333 with your AWS account ID.
You can find out more about the policy here.
Step 2: Create DynamoDB Table to Simulate Application
Next, add a DynamoDB table. The DynamoDB table will store the incoming order info. For this sample we will keep it simple and have a table with email as a partition key. Here is the data model:
Step 3: Create Lambda Function triggered by SES to Process Email
Now the DynamoDB table is ready, create the Lambda function to process the email and send data to the DynamoDB table. The lambda function needs an execution role that has permissions to access the S3 bucket, the DynamoDB table and create the CloudWatch log group. It also needs a Resource-based Policy so SES can invoke the Lambda function. In the final step when we configure SES to call the lambda, SES automatically adds the necessary permissions to the function as detailed here. This is a sample policy statement:
Sample Lambda code in python:
import boto3
import email
def lambda_handler(event, context):
s3 = boto3.client("s3")
dynamodb = boto3.resource("dynamodb")
table = dynamodb.Table('email_order_received')
print("Spam filter")
# Check the SES spam and virus filter settings
if (
event["Records"][0]["ses"]["receipt"]["spfVerdict"]["status"] == "FAIL" or
event["Records"][0]["ses"]["receipt"]["dkimVerdict"]["status"] == "FAIL" or
event["Records"][0]["ses"]["receipt"]["spamVerdict"]["status"] == "FAIL" or
event["Records"][0]["ses"]["receipt"]["virusVerdict"]["status"] == "FAIL"
):
print("Dropping Spam")
else:
print("Not Spam")
email_bucket = "email-handling-test"
bucketkey = "monitor/" + event["Records"][0]["ses"]["mail"]["messageId"]
fileObj = s3.get_object(Bucket = email_bucket, Key=bucketkey)
msg = email.message_from_bytes(fileObj['Body'].read())
From = msg['From']
itemname = msg['Subject']
body = ""
if msg.is_multipart():
for part in msg.walk():
type = part.get_content_type()
disp = str(part.get('Content-Disposition'))
# look for plain text parts, but skip attachments
if type == 'text/plain' and 'attachment' not in disp:
charset = part.get_content_charset()
# decode the base64 unicode bytestring into plain text
body = part.get_payload(decode=True).decode(encoding=charset, errors="ignore")
# if we've found the plain/text part, stop looping thru the parts
break
else:
# not multipart - i.e. plain text, no attachments
charset = msg.get_content_charset()
body = msg.get_payload(decode=True).decode(encoding=charset, errors="ignore")
table.put_item(
Item={
'email': From,
'itemname': itemname,
'quantity': body
}
)
print("inserted data into dynamodb")
When you add a Lambda action to a receipt rule, Amazon SES sends an event record to Lambda every time it receives an incoming message. This event contains information about the email headers for the incoming message, as well as the results of tests (spam filtering and virus scanning) that Amazon SES performs on incoming messages, however it omits the body of the incoming email. This is why the lambda has to process the body form the email stored in S3. You can see details of the event here. In this demo app we assume the item name is in the subject and the body of the email has the quantity of the items and this data is written to the DynamoDB table.
Step 4: Configure SES to Send Emails to S3 and Trigger Lambda Function
The final step is to configure Amazon SES. Start by verifying a domain so SES can use it to send and receive emails. Domain verification helps ensure you are the owner of the domain and are thus authorised to manage the sending and receiving of the emails from addresses in the domain. To verify your domain:
- In the SES console in the navigation pane under Identity Management, choose Domains.
- Choose Verify new Domain
- In the Verify new Domain dialog enter your domain name
- Choose Verify This Domain
- In the dialogue box you will see a Domain verification record set. You need to add this record to your domain DNS server. You will also have to add the email receiving record (MX Record) to you domain DNS server.
- If your DNS server is Route53 and it is registered under the same account then SES also gives you the option to update your DNS server from within the SES console.
Once the domain is verified its status goes from “pending verification” to “verified” and now it can used it to send and receive emails.
Next, create a recipient rule set. The Rule Set lets you specify what SES does with emails it receives on domains you own. You can create rules for individual addresses or any address under the domain. To create the Rule Set:
- In the left navigation pane, under Email Receiving, choose Rule Sets.
- Choose Create Rule.
- Enter the recipient email address you want to configure the rule for. You can add up to a maximum of 100 recipient addresses or just set it up for any address in the domain using just the domain name as a wildcard.
- Once the addresses have been added, add the actions for the rule. Add two actions:
- First one is of type S3, this is to save a copy of the email to the S3 bucket created in step 1. Select the bucket name created in step 1 from the drop-down list. You can add a prefix to the filename as well to categorise the output of different rules.
- Second is of type Lambda to trigger the lambda for processing the email. Select the lambda created in step 3 from the drop-down list.
Once the SES Rule is configured, we have the full workflow in place. Now any email sent to the [email protected] address will be processed by the Lambda. In this way you can configure email processing to be part of your application workflow without having to perform polling.
Clean-up
To clean up the resources used in your account:
- Navigate to Amazon S3 and delete the contents of the bucket you created where your emails are stored.
- Once the bucket is empty, delete the bucket.
- Navigate to the DynamoDB console and delete the table you created above. Make sure you select the option to “Delete all CloudWatch alarms for this table”
- Remove the domain from Amazon SES. To do this, navigate to the Amazon SES Console and choose Domains from the left navigation. Select the domain you want to remove and choose Remove button to remove it from Amazon SES.
- From the Amazon SES Console, navigate to the Rule Sets from the left navigation. On the Active Rule Set section, choose View Active Rule Set button and delete all the rules you have created, by selecting the rule and choosing Action, Delete.
- On the Rule Sets page choose Disable Active Rule Set button to disable listening for incoming email messages.
- On the Rule Sets page, Inactive Rule Sets section, delete the only rule set, by selecting the rule set and choosing Action, Delete.
- Navigate to the Lambda console and delete the Lambda you created earlier. Select the Lambda and choose Delete from the Actions menu.
- Navigate to CloudWatch console and from the left navigation choose Logs, Log groups. Find the log group that belongs to the resources and delete it by selecting it and choosing Actions, Delete log group(s).
Conclusion
In this post, we have shown you how to integrate email processing into an application workflow without having to resort to polling a mail box.
By using SES to receive emails you can create a modular serverless architecture that allows emails to be processed and checked for spam plus viruses and the output can then be sent to any downstream system or stored in a database for application use.
About the Author
Syed Ali Abbas Gardezi is a Sr. Solution Architect for AWS based in London, United Kingdom. He works with AWS GSI Partners architecting, designing and implementing various large-scale IT solution. Before joining AWS he worked in several Architecture roles in a tier 1 financial organisation in London.
Rajat Kashyap is a Solutions Architect at AWS. He is Containers, DevOps, BigData, Analytics and AI/ML enthusiast and loves helping customers design secure, reliable, scalable and cost-effective solutions on AWS. As a trusted customer advisor, he help organizations understand best practices for advanced AWS cloud-based solutions and help them in migration and modernization of their workload using Well Architected design principles and best practices.
Ashish Mehra is a Solutions Architecture Manager at AWS. He is a Middleware, Serverless, IoT and Containers enthusiast and loves helping customers design secure, reliable and cost-effective solutions on AWS.
Rakesh Singh
Mikhail is a Solutions Architect for RUS-CIS. Mikhail supports customers on their cloud journeys with Well-architected best practices and adoption of DevOps techniques on AWS. Mikhail is a fan of ChatOps, Open Source on AWS and Operational Excellence design principles.
