Updating message content with AWS Lambda
After you configure a synchronous AWS Lambda function to manage email flows,
you can use the PutRawMessageContent action in the Amazon WorkMail Message
flow API to update the content of in-transit email messages. For more
information about getting started with Lambda functions for Amazon WorkMail, see Configuring synchronous Run Lambda rules. For
more information about the API, see PutRawMessageContent.
Note
The PutRawMessageContent API requires boto3 1.17.8, or you can add a layer to your Lambda
function. To download the correct boto3 version, see the boto page on GitHub
Here's an example layer:
"LayerArn":"arn:aws:lambda:${.
In this example, substitute
AWS::Region}:489970191081:layer:WorkMailLambdaLayer:2"${
with an appropriate aws region, such as us-east-1.AWS::Region}
Tip
If you start by deploying the Amazon WorkMail Hello World Lambda function
As you go, remember the following:
Use the GetRawMessageContent API to retrieve the original message content. For more information see Retrieving message content with AWS Lambda.
Once you have the original message, change the MIME content. When you finish, upload the message to an Amazon Simple Storage Service (Amazon S3) bucket in your account. Ensure that the S3 bucket uses the same AWS account as your Amazon WorkMail operations, and that it uses the same AWS Region as your API calls.
For Amazon WorkMail to process requests, your S3 bucket must have the correct policy in order to access the S3 object. For more information, see Example S3 policy.
-
Use the PutRawMessageContent API to send the updated the message content back to Amazon WorkMail.
Note
The PutRawMessageContent API ensures that the MIME content of the updated message
meets RFC standards, as wells as the criteria mentioned in the RawMessageContent data type. Emails inbound to your Amazon WorkMail
organization don't always meet those standards, so the
PutRawMessageContent API may reject them. In such
cases, you can consult the error message returned for more information
on how to fix any issues.
Example S3 policy
{ "Version": "2008-10-17", "Statement": [ { "Effect": "Allow", "Principal": {"Service": "workmail.REGION.amazonaws.com" }, "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::My-Test-S3-Bucket/*", "Condition": { "StringEquals": { "aws:SourceAccount": "AWS_ACCOUNT_ID" }, "Bool": { "aws:SecureTransport": "true" }, "ArnLike": { "aws:SourceArn": "arn:aws:workmailmessageflow:REGION:AWS_ACCOUNT_ID:message/WORKMAIL_ORGANIZATION_ID/*" } } } ] }
The following example shows how a Lambda function uses the Python runtime to update the subject of an in-transit email message.
import boto3 import os import uuid import email def email_handler(event, context): workmail = boto3.client('workmailmessageflow', region_name=os.environ["AWS_REGION"]) s3 = boto3.client('s3', region_name=os.environ["AWS_REGION"]) msg_id = event['messageId'] raw_msg = workmail.get_raw_message_content(messageId=msg_id) parsed_msg = email.message_from_bytes(raw_msg['messageContent'].read()) # Updating subject. For more examples, see https://github.com/aws-samples/amazon-workmail-lambda-templates. parsed_msg.replace_header('Subject', "New Subject Updated From Lambda") # Store updated email in S3 key = str(uuid.uuid4()); s3.put_object(Body=parsed_msg.as_bytes(), Bucket="amzn-s3-demo-bucket", Key=key) # Update the email in WorkMail s3_reference = { 'bucket': "amzn-s3-demo-bucket", 'key': key } content = { 's3Reference': s3_reference } workmail.put_raw_message_content(messageId=msg_id, content=content)
For more examples of ways to analyze the content of in-transit messages, see the
amazon-workmail-lambda-templates
