This deploys an Amazon SES inbound pipeline that forwards any email sent to *@<your-domain> to a single destination (e.g., Gmail).
- Route53 hosted zone for your domain
- S3 bucket to store raw inbound emails
- SES domain identity + DKIM (sending/forwarding) with automatic DNS verification
- SES receipt rule set: S3 store then invoke Lambda
- Python 3.13 Lambda that forwards as a wrapped `message/rfc822` (DMARC-safe)
- All DNS records (MX, TXT, CNAME) automatically configured in Route53
- AWS account with IAM creds configured: `aws configure`
- Terraform >= 1.6, AWS provider >= 5.40
- Choose an SES receiving region (e.g., `us-east-1`)
- Domain must use Route53 for DNS
- This setup creates a Route53 hosted zone and manages all DNS records automatically
- Edit `terraform.tfvars`:

  ```
  domain_name      = "example.org"
  forward_to_email = "example@gmail.com"
  region           = "us-east-1"
  ```

- Init and apply:

  ```
  terraform init
  terraform apply
  ```

- Update your domain registrar to use Route53 nameservers:
  - Get nameservers from: `terraform output nameservers`
  - Log into your domain registrar (GoDaddy, Namecheap, etc.)
  - Update your domain's nameservers to the Route53 nameservers shown in the output
  - DNS propagation typically takes 15 minutes to 48 hours

- Verification happens automatically - Terraform waits for SES domain verification to complete (up to 5 minutes)

- Test by emailing any address at your domain, e.g. `abc123@example.org`. It should arrive at your `forward_to_email` address.
- The Lambda forwards by sending a new email via SES with the original message attached as `message/rfc822` and sets `Reply-To` to the original sender.
- Domain verification happens automatically - Terraform creates all DNS records and waits for SES verification to complete.
- To avoid purging archived mail, disable S3 lifecycle (see comments in `main.tf`).
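
A sketch of the wrapping step described in the notes above, added here as an illustration and not taken from this repository's `lambda.py`. The names `build_forward` and `_one_line`, the `forwarder@example.org` address and the sample message are assumptions; fetching from S3 and sending through SES are left out.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr


def _one_line(value, limit=200):
    """Collapse whitespace so sender-controlled text cannot add header lines."""
    return " ".join(str(value or "").split())[:limit]


def build_forward(raw, forward_to, forwarder):
    """Wrap a raw inbound message (bytes, as stored in S3) for forwarding."""
    original = message_from_bytes(raw, policy=policy.default)
    # Keep only the bare address; the display name is sender-controlled.
    sender = parseaddr(_one_line(original.get("From")))[1]
    subject = _one_line(original.get("Subject")) or "(no subject)"

    wrapper = EmailMessage()
    # From is an address at the SES-verified domain, so the outer message is
    # signed and aligned for that domain rather than for the original sender's.
    wrapper["From"] = forwarder
    wrapper["To"] = forward_to
    if sender:
        wrapper["Reply-To"] = sender
    wrapper["Subject"] = f"Fwd: {subject}"
    wrapper.set_content(f"Forwarded message from {sender or 'unknown sender'}.")
    # Attaching a parsed message object produces a message/rfc822 part.
    wrapper.add_attachment(original, filename="original.eml")
    return wrapper


# Constructed sample input, not a real message.
SAMPLE = (
    b"From: Alice Example <alice@sender.example>\r\n"
    b"To: abc123@example.org\r\n"
    b"Subject: Quarterly\r\n report\r\n"
    b"\r\n"
    b"Hello.\r\n"
)

if __name__ == "__main__":
    fwd = build_forward(SAMPLE, "example@gmail.com", "forwarder@example.org")
    print(fwd.as_string())
```
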
- `main.tf`, `variables.tf`, `outputs.tf` - Terraform stack
- `lambda.py` - Python 3.13 Lambda
- `terraform.tfvars` - your values (example provided)
Simon Cornelius P. Umacob da46njrzf@mozmail.com