How can I use Amazon SES to receive inbound emails, and then store those emails on Amazon S3?

5 minutos de lectura

I want to use Amazon Simple Email Service (Amazon SES) to receive inbound emails. I also want to store those emails for archiving or further processing. How can I do that?

Short description

Follow these steps to set up Amazon SES to receive inbound emails, and then store those emails:

1.    Verify your email domain with Amazon SES.

2.    Publish an MX record for Amazon SES to receive emails.

2.    Set up an Amazon Simple Storage Service (Amazon S3) bucket with the permissions to store emails from Amazon SES.

3.    Create an Amazon SES receipt rule that sends inbound emails to the S3 bucket.

4.    Test the Amazon SES rule.


Verify your email domain with Amazon SES

You must verify the domain that you want to use for receiving emails.

Publish an MX record for Amazon SES to receive emails

For Amazon SES to receive your domain's inbound emails, publish an MX record with an Amazon SES inbound receiving endpoint in the domain DNS configuration.

Set up an Amazon S3 bucket with the permissions to store emails from Amazon SES

1.    Create an Amazon S3 bucket.

2.    After you create the bucket, select its name from the bucket list in the Amazon S3 console.

3.    Choose the Permissions tab.

4.    Choose Bucket Policy.

5.    Under Bucket policy editor, enter the following policy:

Note: Replace AWSDOC-EXAMPLE-BUCKET with the name of your bucket. Then, replace 111122223333 with your AWS account ID.

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "AllowSESPuts",
      "Effect": "Allow",
      "Principal": {
        "Service": ""
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::AWSDOC-EXAMPLE-BUCKET/*",
      "Condition": {
        "StringEquals": {
          "aws:Referer": "111122223333"

Note: For more information about this policy, see Give Amazon SES permission to write to an Amazon S3 bucket.

6.    Choose Save.

Create an Amazon SES receipt rule that sends inbound emails to the S3 bucket

1.    Open the Amazon SES console.

2.    In the navigation pane, under Email Receiving, choose Rule Sets.

3.    To add the rule to an existing active rule set, skip to step 4. To create a new rule set, choose Create a Rule Set, enter a rule set name, and then choose Create a Rule Set.

Note: If you create a new rule set, be sure to select the rule set, and then choose Set as Active Rule Set. Only one of your receipt rule sets can be the active rule set at any given time.

4.    Choose View Active Rule Set.

5.    Choose Create Rule.

Note: You can also choose to update an existing rule with the same values as described in the following steps.

6.    Under Recipients, to store emails sent only to certain email addresses with your verified domains, enter those email addresses as recipients. To store all emails sent to all your verified domains, don't enter any recipients, and then choose Next Step.

7.    Under Actions, for Add action, select S3. Then, complete these fields:
For S3 bucket, select the bucket that you created to store the emails.
(Optional) For Object key prefix, you can enter an S3 prefix where you want to store the emails. If you leave this field blank, emails are stored at the root of the bucket.
(Optional) For Encrypt Message, select the box if you want Amazon SES to encrypt your emails using an AWS Key Management Service (AWS KMS) key.
Note: If you use a key other than the default root key (aws/ses), then you must grant Amazon SES permissions for using the AWS KMS key. Amazon SES encrypts your email using the Amazon S3 encryption client before sending the email to the S3 bucket for storage. Your email is not encrypted using Amazon S3 server-side encryption.
(Optional) For SNS topic, select an Amazon Simple Notification Service (Amazon SNS) topic to notify when an email is delivered to the S3 bucket.

8.    Choose Next Step.

9.    Under Rule Details, complete these fields:
For Rule name, enter a name for your rule.
For Enabled, be sure that this check box is selected so that the rule is created as an active rule.
(Optional) Select Require TLS or Enable spam and virus scanning if required by your use case.
For Rule set, verify that your active rule set is selected. An active rule set includes (Active) in the name.
For Insert after rule, select the position that you want for your rule within the rule set.

10.    Choose Next Step.

11.    Choose Create Rule.

Test the Amazon SES rule

1.    From the Amazon SES console, in the navigation pane, choose Domains.

2.    Select your verified domain.

3.    Choose Send a Test Email. Then, complete these fields:
For From, enter an email address that you want to send the test email from.
For To, enter an email address with the domain that you want to test.
For Subject and Body, enter example email text.

4.    Choose Send Test Email.

5.    After a few minutes, open the Amazon S3 console.

6.    Open the bucket that you configured to store the Amazon SES emails.

7.    Verify that the bucket contains the test email that you sent.

Related information

Why aren't my inbound emails on Amazon SES arriving or saving to my Amazon S3 bucket?

Setting up Amazon SES email receiving

OFICIAL DE AWSActualizada hace 5 meses