I expected post-pandemic NYC to be a bit more "I am Legend". But this was December 2021 just before Omicron

SES to Slack

AWS , CloudSecurity , Technology

As part of my work setting up free domains in Google, I realized I needed a way to receive email. My normal process for getting emails on secondary domains I own was to add them as a User Alias Domain attached to room17.com. However, for these Google Cloud Identity domains I couldn’t do that. A domain can’t be both it’s own Cloud Identity domain, and a User Alias Domain.

So I started experimenting with AWS SES.

What I created is a simple CloudFormation Template and Lambda that will take any inbound email to a Cloud Identity Domain, and forward it as a message to a Slack channel.

Here’s what you need to do. Unlike every AWS walk through, I’m going to assume you have an AWS account and reasonably know what your doing. We need to create and verify the domain in SES artisanally, then we do the rest via CloudFormation.

  1. Go to the SES Console and Click on Configuration Verified Identities.
  2. Enter the domain you want to accept all email for. You’ll want to do this in the same account that has the Route53 Public HostedZone for the subdomain.
  3. Configure MX Records for the domain and verified identity.
    1. Add the following as an MX Record to your Route53 Hosted Zone:
      10 inbound-smtp.us-east-1.amazonaws.com
  4. Create a Slack Channel and Webhook
  5. Create an SecretsManager Secret for the Webhook. The secret json should be: 
    {
    "webhook_url": "https://hooks.slack.com/services/THIS/BIT/IS/SECRET"
}

    ``

  6. Deploy the CloudFormation Template
    1. Use the Hosted Template here: https://s3.amazonaws.com/pht-cloudformation/aws-account-automation/SESRuleToSlack-Template.yaml
    2. Grab from GitHub: https://github.com/jchrisfarris/aws-account-automation/blob/master/cloudformation/SESRuleToSlack-Template.yaml
    3. Parameters:
      1. pDeliveryBucketName: Bucket you created above
      2. pDomain: Domain you verified above
      3. pIconEmoji - change this if you’d like
      4. pRuleSetName - Name for the RuleSet. There can only be one active RuleSet in an account/region
      5. pSlackChannel - I’m 80% sure this isn’t needed
      6. pSlackWebhookSecret - Secret you created above
      7. pCreateRuleSet and pCreateBucket - Should this stack create the resource or re-use an existing one.
    4. Click all the stuff to create.
  7. When CloudFormation creates a SES receiving rule set, it’s inactive by default.
    1. Go to SES Email receiving to make the rule set active
  8. Test!
    1. Send an email to any user at your domain.