Logging AWS SES Details

Cover Image Generated with DALLE :)
AWS SES allows you to view various metrics such as the # of sends, rejects, bounces, etc. However, there is no place to view or log additional information such as the sender, recipient, subject, message or if the email is rejected, what is the reason or the diagnostic Code for example.

Recently I needed to capture detailed notifications about email bounces and deliveries and log that information in AWS CloudWatch under the CloudWatch log group.

Prerequisites that you may need to complete before deploying the additional SES logging.

Under Amazon SES

• Make sure that your domain, or email address identity shows in green as verified.

Under Amazon SNS

• Create a new SNS topic to capture detailed notifications for bounces, deliveries, etc.

Now head back to Amazon SES, under the verified identity (domain or email), select the Notifications tab, click on the Feedback Notifications section -> Click the edit button to navigate to the next page. Select the bounce notification topic with the SNS topic ARN that we created in the prior step and click Save Changes.

Once the prerequisite steps are complete, we are ready to move on to the next step!

1. Download ses_bounce_logging_blog.yml CloudFormation file from the below link, once you save this on your local machine, follow the next steps.

(https://github.com/aws-samples/digital-user-engagement-reference-architectures/blob/master/cloudformation/ses_bounce_logging_blog.yml)

1. Go to the AWS CloudFormation Console and Click Create Stack.
   Select the Upload template button and Click Choose to upload the ses_bounce_logging_blog.yml file that we downloaded earlier.

2. Click Next, Specify a Stack Name, update the default value of Cloud-Watch-Group-Name, and Select the Event Type “Bounce”, “Complaint”, or “Delivery”. For my use case, I selected bounce as that's what I suspected was happening to emails being sent out, but not received by the intended recipient.

3. Enter the (ARN) of the AWS SNS topic that we created earlier and click Next, and next.

4. Select I acknowledge..., and click Create Stack.

Time to Test
Go to Amazon SES and select the Verified Domain Identity Checkbox. Click Send a Test Email Button. Fill in the required information such as the From-address, Subject, and Scenario is Bounce, and then click Send Test Email.

AWS Cloudwatch
Head over to AWS Cloudwatch | log groups, once the bounce notification is received in the SNS topic it will be sent over to the Lambda function, and then will be logged in the /aws /ses/bounce_logs CloudWatch log group. As a small set of notes, the default log retention for these SES logs is set to forever, but you can tweak the retention period to whatever makes sense for your specific project or policies. You may also export the logs to Amazon S3 for longer-term storage.

To visualize this data, you can filter down in AWS CloudWatch, this also allows us to graph metrics and make them searchable. you can export the logs to Amazon S3 for the long term.