I have a business email server that I manage. The incoming mail is received to the local on-site server, but all outgoing mail is relayed through Amazon Simple Email Service (SES). Since I’m not sending emails directly from my server, I’m not able to log all of what has been sent or any errors that occur. Amazon SES is a great platform that takes a lot of the hassles out of running your own email server and it’s very affordable for small businesses. At the time of writing, I’m spending about $0.02 a month for SES for two sites with about a dozen email addresses. Anyway, let’s cut to the chase.
Prerequisites:
- An AWS Account
- An SES Verified Identity (minimum 1) to send emails
You should also be somewhat familiar with the following AWS Services:
- Managing an AWS Account
- Amazon Simple Email Service (SES)
- Amazon Simple Notification Service (SNS)
- Amazon CloudWatch
- AWS Lambda
- AWS CloudFormation
Create an SNS Topic
First we will create a new SNS Topic to listen for email response events that pertain to the verified identity. Then we will record those events into logs that we can view in an AWS CloudFormation Stack.
OK, lets create the SNS Topic! Navigate to ‘Amazon SES > Verified Identities‘ and select the identity that you wish to log. Then select ‘Notifications’ about half way down in the middle of the page.
Now, At the bottom of the page there will be a block titled ‘Feedback Notifications’ that will list the specific feedback types: Bounce, Complaint, and Delivery. Select ‘Edit’ on the upper right hand side to edit the notification settings.
Now select ‘Create SNS topic’
Enter the name of the Topic you would like to create, here I’ve labeled it ‘Website_name_logging’, but you can name it whatever you like. then select ‘Create Topic’.
Next edit the drop-down lists to select the SNS Topic we just created. Note, I haven’t selected to log delivery confirmations, only bounces and complaints. Save your changes.
Create a LAMBDA Stack
Next we are going to create a stack using LAMBDA functions to send the events to the log file so we can view them later in CloudWatch.
Navigate to ‘CloudFormation > Stacks‘ and select to create a new stack. In the drop-down select ‘With new resources (standard)’. Download the template below for upload. The template just specifies the settings for the stack. Feel free to explore the source-code.
Download the template ses_logger.yml
Upload the template and select next.
On the next page we will need the SNS Topic ARN. This is the unique ID for the Topic. In a separate tab navigate to ‘Amazon > SES > Topics‘ and copy the ARN from the Topic we just created in the previous steps.
DO NOT EDIT the Topic and ENABLE ENCRYPTION. This will cause An error to occur when trying to publish a notification to the SNS topic and will cause the Topic to fail. When the notification fails, it also unassigns the topic in the notification settings for the identity.
Return to this page and create a name for the stack, and choose a name for the CloudWatchGroupName, the event type, and finally paste the SNS Topic ARN. Select ‘Next’
Notice above, the CloudWatchGroupName was auto populated. This was the handy work of the template we uploaded earlier. When you repeat the process for your complaints log, you can change the stack name to ‘Website-name-complaint-log’, CloudWatchGroupName to ‘/aws/ses/complaint_logs’, and the event type to Complaint, but using the same Topic ARN from before.
On the next page select ‘Next’ accepting all of the defaults. Then scroll to the bottom, check the box confirming ‘I acknowledge that AWS CloudFormation might create IAM resources.‘ and select ‘Create Stack’.
In the next window and as the Stack is created; you can check on the status of the stack creation by refreshing the page, the logs will update and display the progess. You should currently be on the ‘Stack details’ page. Once the stack has successfully completed you can check that the Lambda function has attached to the Topic by navigating to the Amazon SNS > Topics and selecting the Topic created previously. In the ‘Subscriptions’ tab it should list the LAMBDA function as a subscribed service like in the image below.
Test It Out!
Now, to test it out! navigate to Amazon SES > Verified identities, select your identity and send a test (Bounce or Complaint) email from the ‘Send test email’ button in the top right hand side. Once the test email has been sent we should be able to view the log in CloudWatch > Log Groups.
Note, these log groups will not exist until SES registers a Bounce (or Complaint) email that has been sent from the identity.
Conclusion
Also note that this is not a free service and that if you are constantly sending emails that bounce, receive a lot of complaints, or choose to log delivery confirmations on a busy server you may incur substantial costs to your account. However, if this is a regularly monitored account, it should only cost pennies to add the logging feature.
To remove these services simply delete the stacks and topic created.
I hope this helps and if I missed anything, let me know in the comments!
Just curious, the yml file you have here gets a 404 error.
The yml file in the official AWS docs doesn’t seem to capture Complaints (but works for Bounces).
Any idea why?
AWS official docs:
https://aws.amazon.com/blogs/messaging-and-targeting/how-to-log-amazon-ses-details-using-amazon-cloudwatch/
YML file linked in above docs:
https://github.com/aws-samples/communication-developer-services-reference-architectures/blob/master/cloudformation/ses_bounce_logging_blog.yml
I wasn’t sure if its not working because of something in the .yml file or something else.
Thanks for any feedback,
Ari
Hi Ari,
I have fixed the broken link. Thank you for catching it.
The linked .yml above and the linked .yml from the official docs are the same file.
In the “Create a LAMBDA Stack” section it indicates that you will need to change the .yml file to log complaints.
Rob