In this article you will see how to set up email forwarding with Amazon SES using Amazon S3 and AWS Lambda.

What are you going to do ?

Let’s say you own a domain and you want to send and receive emails using or To acheive this you can leverage AWS services like Amazon SES, Amazon S3 and AWS Lambda.

Amazon SES: It is a mail server that can both send and receive mail on behalf of your domain.

Amazon S3: It is storage for the Internet. It is designed to make web-scale computing easier for developers.

AWS Lambda: It is a compute service that lets you run code without provisioning or managing servers.

Steps involved to set up email forwarding:

Set up SES to recieve emails for a domain

Before you start recieving emails for a domain using Amazon SES, you must verify the ownership of the domain. You can do this by adding TXT record to the domain’s DNS settings. To automatically route emails sent to your domain to Amazon SES, you need to add MX record to your domain settings. So sign into your AWS account and open SES console and go through this tutorial. Once you have verified your domain and enabled DKIM settings, proceed to next step.

Store recieved emails to S3 bucket

You need to have atleast one active reciept rule set to use SES as email reciever. These rules specify SES what to do when an email is recieved for your domain. So let’s create one rule to store emails recieved to an S3 bucket. Fill the bucket name in the below fig. I used ses-bravokeyl as S3 bucket and emails as object prefix which is a folder I created inside the bucket.

With the S3 rule setup, whenever someone sends an email that gets stored in the S3 bucket, you can test it by sending an email to the domain email address and checking the emails (Object key prefix) folder of the ses-bravokeyl (S3 bucket) you created. For more details check the embedded video or the AWS developer guide.

Create a Lambda function to forward recieved email

Now that we have successfully stored sent emails to an S3 bucket, it’s time to process the email stored using AWS Lambda. To do this you need to create a lambda function and use AWS Lambda SES Forwarder module. So go to AWS Lambda console and add download this code, unzip it open index.js file and change the following configuration to reflect your details then zip it and upload it to Lambda.

// Configure the S3 bucket and key prefix for stored raw emails, and the
// mapping of email addresses to forward from and to.
// Expected keys/values:
// - fromEmail: Forwarded emails will come from this verified address
// - emailBucket: S3 bucket name where SES stores emails.
// - emailKeyPrefix: S3 key name prefix where SES stores email.
// Include the trailing slash.
// - forwardMapping: Object where the key is the email address from
// which to forward and the value is an array of email addresses
// to which to send the message.
var overrides = {
config: {
fromEmail: "",
subjectPrefix: "",
emailBucket: "ses-bravokeyl",
emailKeyPrefix: "emails/",
forwardMapping: {
"": [

The critical part is when you creating lambda function create a custom role with the following policy document.

"Version": "2012-10-17",
"Statement": [
"Effect": "Allow",
"Action": [
"Resource": "arn:aws:logs:*:*:*"
"Effect": "Allow",
"Action": "ses:SendRawEmail",
"Resource": "*"
"Effect": "Allow",
"Action": [
"Resource": "arn:aws:s3:::S3-BUCKET-NAME/*"

That’s it, now test this by sending an email to the verified address under domain.