Monitoring the body of the WorkMail email

0

I have to monitor my users' email content in AWS WorkMail. For monitoring, I have used CloudWatch, but found no metric to monitor the body part of the email sent. How can I see what exactly my users send to each other?

2 Answers
2

Hi there -- thank you for your interest in Amazon WorkMail!

If you want to perform analytics on content of your outbound messages, creating an Email Flow Rule with an asynchronous Lambda action will help you do that. You'll need to write a Lambda application for your analysis use case, but you can get started by using the applications published in our Serverless App Repository as a starting point. Using the AWS SDK in your Lambda app, you can interact with your WorkMail messages and then put the CloudWatch Metrics to build your desired monitoring.

I hope that helps!

Kind regards,

Sabrina

AWS
sld
answered 2 years ago
  • Thank you for responding, Sabrina. Do we have any metric in CloudWatch to see the body part of an email in Amazon WorkMail, the way we can see the recipient, subject, etc.?

1

Hi, again -- I am adding this as a second answer, since the comment field is too limited in character length to let me reply inline.

"Thank you for responding, Sabrina. Do we have any metric in CloudWatch to see the body part of an email in Amazon WorkMail, the way we can see the recipient, subject, etc.?"

No, the body part contents wouldn't be available in Event Logging. But you do have full access to review the content using the GetRawMessageContent API, as messages are in flight, which is possible using an EFM rule with a Lambda. You could extract the information you're looking for and put it to CloudWatch to suit your needs.

To take this answer from "how can you get this to work" to "how can you get this to work well," though, I would recommend two additional considerations.

First, do a quick cost estimate to make sure you don't get any surprises in your billing statement. CloudWatch Pricing can give you a rough idea (make sure to select the right region to match your WorkMail Organization). The AWS Calculator for CloudWatch can help you create the full picture. In addition, consider if billing alarms are right for your use case. For example, if you're building logs for content where the content may become unexpectedly high volume or very large in size -- imagine if an automated job were to begin to fail overnight and start to send many megs of backtrace every minute -- you could start logging much more than usual, and it could pile up before you realize.

Second, and most importantly, please review all of your access grants and policies to ensure that any data is securely protected in line with your company's compliance and security obligations. If you are extracting message content and moving it to CloudWatch Logs, that could disclose highly confidential email contents to, for example, someone who has access to CloudWatch Logs for troubleshooting other unrelated applications, like a service running in EC2. I'll refer to the Well-Architected Framework's Security Pillar for more on this, but just in general, I recommend that you build with the principle of least privilege in mind, and put appropriate data security controls in place.

I hope that helps!

Kind regards,

Sabrina

AWS
sld
answered 2 years ago
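
The Lambda approach described in the answers above, as an added example (not code from the thread or from the applications in the Serverless App Repository): it reads the in-flight message with GetRawMessageContent and publishes only numeric metrics to CloudWatch, so no body text reaches logs that other teams can read. The namespace, metric names and watch terms are assumptions made for this example.

```python
import email
from email import policy
from email.message import EmailMessage

# Hypothetical values chosen for this example, not WorkMail defaults.
NAMESPACE = "Example/WorkMailContent"
WATCH_TERMS = ("confidential", "password")
UNITS = {"BodyBytes": "Bytes"}  # every other metric is a plain count


def body_metrics(raw_message: bytes, terms=WATCH_TERMS) -> dict:
    """Derive numeric metrics from a raw MIME message; never returns body text."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    lowered = text.lower()
    return {
        "BodyBytes": len(text.encode("utf-8")),
        "AttachmentCount": sum(1 for _ in msg.iter_attachments()),
        "WatchTermHits": sum(lowered.count(t) for t in terms),
    }


def lambda_handler(event, context):
    """Entry point for an email flow rule with an asynchronous Lambda action."""
    import boto3  # imported here so body_metrics can be exercised without the SDK

    flow = boto3.client("workmailmessageflow")
    raw = flow.get_raw_message_content(messageId=event["messageId"])["messageContent"].read()
    metrics = body_metrics(raw)
    boto3.client("cloudwatch").put_metric_data(
        Namespace=NAMESPACE,
        MetricData=[
            {"MetricName": name, "Value": value, "Unit": UNITS.get(name, "Count")}
            for name, value in metrics.items()
        ],
    )
    return metrics  # numbers only; the raw message is not logged or stored


if __name__ == "__main__":
    # Constructed sample message, for running the parser locally.
    sample = EmailMessage()
    sample["From"], sample["To"], sample["Subject"] = "a@example.test", "b@example.test", "Q3"
    sample.set_content("The password is in the Confidential folder.\n")
    sample.add_attachment(b"abc", maintype="application", subtype="octet-stream", filename="a.bin")
    print(body_metrics(sample.as_bytes()))
```

The function's execution role needs `workmailmessageflow:GetRawMessageContent` and `cloudwatch:PutMetricData`, and nothing broader.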
