Mail Automation by AWS SES with Salesforce Integration

Contents Mail Automation by AWS SES with Salesforce Integration 2 Introduction 2 Amazon SES 2 Prerequisites 2 Architecture 2 Email Automation Steps in AWS Could Services 3 Step 1: Set up Your Domain 3 Step 2: Configure Your S3 Bucket 3 Step 3: Create an IAM Policy and Role: 4 Step 4: Create a Lambda Function 5 Step 5: Create a Receipt Rule Set: 6 Step 6: Test the Function 6 Troubleshooting 7 Costs of using this solution 7 Limitations 7 Conclusion 7

Mail Automation by AWS SES with Salesforce Integration Introduction The Business analysis is to automate the process of sending reply mail to authorized user from the mail id with its domain and mail id registered with Amazon SES. The reply mail body contains case id which is generated in Salesforce through AWS Lambda function. Following are the services required from AWS. Amazon SES

Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables developers to send transactional email or any type of high-quality content to receivers. Amazon SES's helps in protecting sender reputation by its flexible IP deployment and email authentication options. This service is mainly used to send mails securely and globally.

Use Case: A solution for forwarding inbound emails to domains that are not managed by Amazon SES. Going forward, we will get an idea, how to forward incoming email to an email address that is managed outside of Amazon SES by deploying python code in AWS Lambda, Amazon SES, Amazon S3.

Prerequisites

To complete this use case, we need to have a domain that receives incoming email. If you do not already have a domain, you can purchase one through Amazon Route 53.

Architecture

The following architecture shows the flow of this solution using multiple AWS services.

The following actions occur in this solution:

1. A new email is sent from an external sender to your domain. All the incoming mails of your domain are handled by Amazon SES. 2. An Amazon SES receipt rule saves the incoming message with message id in an S3 bucket. 3. An Amazon SES receipt rule triggers the execution of a Lambda function. 4. The Lambda function retrieves the message id from S3, and then creates a new case object in salesforce. Salesforce sends mail content and particular object id to lambda. 5. Lambda receives that content and sends it to Amazon SES. 6. Amazon SES sends the message to the destination i.e., recipient’s mail address.

Email Automation Steps in AWS Could Services Step 1: Set up Your Domain

1. In Amazon SES, domain verification needs to be done that you want to use to receive incoming email. For the new users the account will be in a test environment which is known as Amazon SES sandbox, so verify the recipient's mail address also. 2. Register that domain and verify by adding SES TEXT value in domain. Once, addition of domain done successfully then with 30min, domain will be verified from AWS.

3. Add the following MX record to the DNS configuration for your domain:

10 inbound-smtp..amazonaws.com

If the region you are using is US East (N. Virginia), then replace with us-east-1.

4. Add SES IP range to your mail domain server. Whitelisting of IP in organization level should be communicated to AWS. 5. Submit a request to remove your account if your account is still in the Amazon SES. Sandbox.

Step 2: Configure Your S3 Bucket 1. In Amazon S3, create a new bucket or choose existing bucket.

2. Configure IAM role by applying the following policy to the bucket: 3

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowSESPuts", "Effect": "Allow", "Principal": { "Service": "ses.amazonaws.com" }, "Action": "s3:PutObject", "Resource": "arn:aws:s3:::/*", "Condition": { "StringEquals": { "aws:Referer": "" } } } ] }

3. In the policy, make the following changes:  Replace with your S3 bucket name.  Replace with your AWS account ID. Step 3: Create an IAM Policy and Role:

1. Create a new IAM Policy with the following permissions:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "*" },{ "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "s3:GetObject", "ses:SendRawEmail" ], "Resource": [ "arn:aws:s3:::/*", "arn:aws:ses:::identity/*" ] } ]}

In the preceding policy, make the following changes:

 Replace with the name of the AWS Region that you created the bucket in.

2. Create a new IAM role. Attach the policy that you just created to the new role.

Step 4: Create a Lambda Function 1. In the Lambda console, create a new Python 3.7 function from scratch. Choose an IAM role that created in previous steps for the execution role. 2. Refer and deploy the following python code which is for salesforce support.

3. Create environment variables whatever required for salesforce as follows:

4. Create the following environment variables for s3 and mail addresses in the Lambda function:

Key Value MailS3Bucket S3 bucket name that you created earlier.

MailS3Prefix The path of the folder where you will store message id.

MailSender The address that the mail to be sent from.

MailRecipient The address that the mail to be forwarded to.

Region AWS Region name to be used to send the mail.

Step 5: Create a Receipt Rule Set:

1. In the Amazon SES console, create a new Receipt Rule Set.

2. Add Recipient mail address that you want to send mail.

3. Add a Lambda function and s3 to the Receipt Rule in Actions tab.

Step 6: Test the Function

To test the function, send an email to recipient mail address which is in the Receipt Rule that was created earlier. In a minute or two, the email reverts to the inbox that you specified in the MailRecipient variable of the Lambda function.

Troubleshooting

If in case the mail did not reverted to the destination email address even after sending a test mail, do the following:

 Check for the Amazon SES Receipt Rule and make sure it is active.  Make sure that recipient email address matches with the specified in MailRecipient variable of the Lambda function.  You can also check for the errors in CloudWatch Log for the Lambda function created.  Subscribe an email address or corresponding phone number to the SNS topic and send another test email.

If you receive a bounce notification after sending a test mail, then do the following:

 Make sure that the domain verification process is completed successfully.  Make sure that the receipt rule is handling the email address which you are sending.

Costs of using this solution

Refer the following link for AWS SES pricing details. https://aws.amazon.com/ses/pricing/ Limitations

This solution supports in all available AWS Regions where Amazon SES is available. Conclusion

 This solution makes it possible to forward incoming mail from one of the Amazon SES verified domains to a verified email address.  This solution can be used, if you have multiple AWS accounts, and you want to send all incoming mails to single destination from each of those accounts.