Continuing from the previous post, where I explained how important email is and why we chose Workmail as our email service, here we will get started on setting up email hosting with Amazon Workmail. I'll do all the steps using the AWS CLI, so make sure you have installed it and set up your credentials.
Are you comfortable with the Console? Please go ahead with it, no pressure at all :)
When I created this series, Amazon Workmail was only available in 3 regions. In this case, I randomly chose N. Virginia (us-east-1); you can choose whichever one you want to use.
More about Amazon Workmail, click here!
So, what are we gonna do?
- Create Organization
- Create User
- Register Domain
- Update Default Domain
- Create User Alias
- Send & Receive Email
- Update Mailbox Quota
- Create Group
- Associate User To The Group
- Setup Email On Mobile Email Client App
I think those 10 steps are enough for us to get started with Amazon Workmail!
1. Create Organization
Here we will start with the free domain provided, which is awsapps.com. So please decide on the alias first, then AWS will do the rest to set up your email hosting, such as domain verification and the webmail client link.
For example, I use dhona as the alias, so AWS will verify dhona.awsapps.com and use dhona.awsapps.com/mail to access the webmail client.
$ aws workmail create-organization --alias dhona --region us-east-1
OrganizationId: m-fb75a642ab0f4745b33b54f729f6af01
$ aws workmail describe-organization --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
ARN: arn:aws:workmail:us-east-1:0123456789:organization/m-fb75a642ab0f4745b33b54f729f6af01
Alias: dhona
CompletedDate: '2023-03-23T18:20:03.872000+07:00'
DefaultMailDomain: dhona.awsapps.com
DirectoryId: d-9067aebc88
DirectoryType: IdentityPoolDirectory
OrganizationId: m-fb75a642ab0f4745b33b54f729f6af01
State: Active
Note*: please save the organization-id, as we always use it for the next configurations.
2. Create Users
When we create a user, we don't need to choose the domain that will be used right away. So it will be just a user, not an email user, and its state is still disabled.
$ aws workmail create-user --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --name dhona --display-name "Nurul Ramadhona" --password "$password" --region us-east-1
UserId: 510f7b96-800d-47e2-a869-c3c47af4e9ea
$ aws workmail describe-user --user-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
DisplayName: Nurul Ramadhona
Name: dhona
State: DISABLED
UserId: 510f7b96-800d-47e2-a869-c3c47af4e9ea
UserRole: USER
To enable the user, we need to choose a "temporary" primary email address. Why is it temporary? Because we can change it anytime we want (I'll tell you more about it in the fifth step). By doing this, you create an email address for that user.
$ aws workmail register-to-work-mail --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --entity-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --email dhona@dhona.awsapps.com --region us-east-1
$ aws workmail describe-user --user-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
DisplayName: Nurul Ramadhona
Email: dhona@dhona.awsapps.com
EnabledDate: '2023-03-23T19:00:40.432000+07:00'
Name: dhona
State: ENABLED
UserId: 510f7b96-800d-47e2-a869-c3c47af4e9ea
UserRole: USER
Note*: entity-id is the Id of either a user or a group. Please adjust it depending on whether you're managing a user or a group. Don't get confused!
Right after the user is enabled, we can log in to the webmail client and start sending and receiving email.
3. Register Domain To The Organization
Within an organization, we can use more than one domain. Besides the free alias dhona.awsapps.com, here I'll add my external domain dhona.xyz (you can skip this step if you don't have one and jump to the sixth step). We can use a domain either from Amazon Route53 or from an external provider.
$ aws workmail register-mail-domain --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --domain-name dhona.xyz --region us-east-1
When we use a custom domain, we should add the required DNS records generated by Workmail. Each record has its own purpose.
$ aws workmail get-mail-domain --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --domain-name dhona.xyz --region us-east-1
DkimVerificationStatus: PENDING
IsDefault: false
IsTestDomain: false
OwnershipVerificationStatus: PENDING
Records:
(the required DNS records will be shown here)
- Mail Exchange (MX): used to tell where the mail server of that domain is located.
For example: Value: 10 inbound-smtp.us-east-1.amazonaws.com.
It shows the mail server address for the domain along with the priority, which is 10. The domain can resolve to more than one IP address in case we have multiple servers. If the domain is already in use somewhere (you already host your email service using that domain), I suggest you wait until the migration process is done.
- Sender Policy Framework (SPF): used to list all addresses which are allowed to send email using the domain.
For example: Value: v=spf1 include:amazonses.com ~all
It means all emails that don't come from amazonses.com should be marked as insecure or spam.
- DomainKeys Identified Mail (DKIM): used by the receiver to verify the cryptographic signature on an email using the published key. The hostname is marked with ._domainkey.
For example: Value: abcdefghijklmnopqrstuvwxyz.dkim.amazonses.com.
- Domain-based Message Authentication, Reporting and Conformance (DMARC): used to decide the action when authentication fails. This is an additional record on top of SPF and DKIM.
For example: Value: v=DMARC1;p=quarantine;pct=100;fo=1
It means the receiver should quarantine all emails that don't pass the authentication checks and generate a report to the sender when an email fails.
Those 3 things are parts of email security. You can get to know more about them, and you can also customize them as you need. In this case, I'll follow what Workmail has generated for me. Once we have set the DNS records properly, the domain will be successfully verified and ready to be used.
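To see what the generated SPF and DMARC values ask a receiver to do, here is an added example (not part of the original post or of Workmail) that parses the two record strings shown above and reports settings that weaken enforcement. The function names are hypothetical, and the inputs are the post's example values rather than live DNS answers.

```shell
#!/bin/sh
# Added example (not from the original post): function names are hypothetical.
# Inputs are the post's example record values; on a live domain, take them from
#   dig +short TXT dhona.xyz    and    dig +short TXT _dmarc.dhona.xyz

# Print the value of one DMARC tag (p, pct, fo, ...), or nothing if it is absent.
dmarc_tag() {  # usage: dmarc_tag RECORD TAG
  printf '%s\n' "$1" | tr -d ' \t"' | tr ';' '\n' |
    awk -F= -v t="$2" '$1 == t { print $2; exit }'
}

# Print the SPF result a receiver assigns to senders the record does not list.
spf_default_result() {  # usage: spf_default_result RECORD
  term=$(printf '%s\n' "$1" | tr -d '"' | tr 'A-Z' 'a-z' | tr ' ' '\n' |
    grep -E '^[-~?+]?all$' | head -n 1) || true
  case "$term" in
    -all) echo fail ;;
    '~all') echo softfail ;;
    '?all') echo neutral ;;
    +all|all) echo pass ;;
    *) echo none ;;            # the record has no "all" term
  esac
}

# Print one finding per line for settings that weaken enforcement.
audit_mail_auth() {  # usage: audit_mail_auth SPF_RECORD DMARC_RECORD
  spf=$(spf_default_result "$1")
  policy=$(dmarc_tag "$2" p)
  pct=$(dmarc_tag "$2" pct)
  case "$pct" in ''|*[!0-9]*) pct=100 ;; esac   # pct defaults to 100
  case "$spf" in
    pass) echo "SPF: +all authorizes every sender" ;;
    none|neutral) echo "SPF: unlisted senders get no failure result ($spf)" ;;
    softfail) echo "SPF: ~all soft-fails unlisted senders; DMARC decides the action" ;;
  esac
  case "$policy" in
    quarantine|reject) ;;
    none) echo "DMARC: p=none requests no action on failing mail" ;;
    *) echo "DMARC: p= tag is missing or invalid" ;;
  esac
  [ "$pct" -lt 100 ] && echo "DMARC: policy covers only ${pct}% of failing mail"
  return 0
}

audit_mail_auth 'v=spf1 include:amazonses.com ~all' 'v=DMARC1;p=quarantine;pct=100;fo=1'
```

With the values from this post, the only finding is the SPF soft fail, which the DMARC quarantine policy at pct=100 then turns into an action.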
4. Update Default Domain
Since now we have two domains, we are free to choose which one will be used as default domain.
$ aws workmail update-default-mail-domain --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --domain-name dhona.xyz --region us-east-1
$ aws workmail describe-organization --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
ARN: arn:aws:workmail:us-east-1:0123456789:organization/m-fb75a642ab0f4745b33b54f729f6af01
Alias: dhona
CompletedDate: '2023-03-23T18:20:03.872000+07:00'
DefaultMailDomain: dhona.xyz
DirectoryId: d-9067aebc88
DirectoryType: IdentityPoolDirectory
OrganizationId: m-fb75a642ab0f4745b33b54f729f6af01
State: Active
$ aws workmail list-mail-domains --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
MailDomains:
- DefaultDomain: false
  DomainName: dhona.awsapps.com
- DefaultDomain: true
  DomainName: dhona.xyz
5. Create User Alias
The alias in this section is different from the alias of the organization. When we create a user, the user can have multiple email addresses using the different domains registered on Workmail: one as the primary email address and the rest as aliases. It's a good choice if you have more than one domain but want to use the same username. All emails sent to an alias are directed to and received by the primary email address.
$ aws workmail create-alias --entity-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --alias dhona@dhona.xyz --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
As I said above, we can change the primary email address anytime we want. So I'll make dhona@dhona.xyz the primary email of the user named dhona.
$ aws workmail update-primary-email-address --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --entity-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --email dhona@dhona.xyz --region us-east-1
$ aws workmail list-users --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
Users:
- DisplayName: Nurul Ramadhona
  Email: dhona@dhona.xyz
  EnabledDate: '2023-03-23T19:00:40.432000+07:00'
  Id: 510f7b96-800d-47e2-a869-c3c47af4e9ea
  Name: dhona
  State: ENABLED
  UserRole: USER
6. Send & Receive Email
For testing the email, we will create one more user and we will see if it works along with SPF, DKIM and DMARC checks.
$ aws workmail create-user --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --name nurul --display-name "Nurul Ramadhona" --password "$password" --region us-east-1
UserId: 4b1d1dd0-4c9a-451a-83de-4145063999f0
$ aws workmail register-to-work-mail --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --entity-id 4b1d1dd0-4c9a-451a-83de-4145063999f0 --email nurul@dhona.xyz --region us-east-1
$ aws workmail describe-user --user-id 4b1d1dd0-4c9a-451a-83de-4145063999f0 --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
DisplayName: Nurul Ramadhona
Email: nurul@dhona.xyz
EnabledDate: '2023-03-23T20:03:58.821000+07:00'
Name: nurul
State: ENABLED
UserId: 4b1d1dd0-4c9a-451a-83de-4145063999f0
UserRole: USER
Here is the result:
It's a test email within the same domain, passed all authentication.
7. Update Mailbox Quota
With Workmail, we are free to customize the quota of each mailbox. By default, each user gets 50GB and we are allowed to increase or decrease as we need.
$ aws workmail get-mailbox-details --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --user-id 4b1d1dd0-4c9a-451a-83de-4145063999f0 --region us-east-1
MailboxQuota: 51200
MailboxSize: 0.010987281799316406
$ aws workmail update-mailbox-quota --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --user-id 4b1d1dd0-4c9a-451a-83de-4145063999f0 --mailbox-quota 12800 --region us-east-1
$ aws workmail get-mailbox-details --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --user-id 4b1d1dd0-4c9a-451a-83de-4145063999f0 --region us-east-1
MailboxQuota: 12800
MailboxSize: 0.02144145965576172
8. Create Group
Using groups is always a best practice for managing users. Let's say we have a company that consists of many departments such as HR, Marketing, Developers, etc. With a group, it is easier to spread information to all members of each department so no one misses any updates.
$ aws workmail create-group --name developers --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
GroupId: bcefb7d0-1f5a-45e4-8ef4-853a74823e86
$ aws workmail register-to-work-mail --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --entity-id bcefb7d0-1f5a-45e4-8ef4-853a74823e86 --email developers@dhona.xyz --region us-east-1
$ aws workmail list-groups --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --region us-east-1
Groups:
- Email: developers@dhona.xyz
  EnabledDate: '2023-03-23T20:40:45.076000+07:00'
  Id: bcefb7d0-1f5a-45e4-8ef4-853a74823e86
  Name: developers
  State: ENABLED
9. Associate User To The Group
Now, we will add some users to the Developers group and use developers@dhona.xyz as the email address (it should not already be used by another group/user).
$ aws workmail associate-member-to-group --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --group-id bcefb7d0-1f5a-45e4-8ef4-853a74823e86 --member-id 3815a14e-e0d1-4d31-b998-bb290589191c --region us-east-1
$ aws workmail associate-member-to-group --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --group-id bcefb7d0-1f5a-45e4-8ef4-853a74823e86 --member-id 510f7b96-800d-47e2-a869-c3c47af4e9ea --region us-east-1
$ aws workmail list-group-members --organization-id m-fb75a642ab0f4745b33b54f729f6af01 --group-id bcefb7d0-1f5a-45e4-8ef4-853a74823e86 --region us-east-1
Members:
- EnabledDate: '2023-03-23T18:37:51.155000+07:00'
  Id: 3815a14e-e0d1-4d31-b998-bb290589191c
  Name: admin
  State: ENABLED
  Type: USER
- EnabledDate: '2023-03-23T19:00:40.432000+07:00'
  Id: 510f7b96-800d-47e2-a869-c3c47af4e9ea
  Name: dhona
  State: ENABLED
  Type: USER
I'll log in as one of the members.
10. Setup Email On Mobile Email Client App
The webmail client provided by Workmail is not the only email client we can use. As with other email services, we can set up our email on mobile too by using the Microsoft Exchange option. Here's how it goes:
Access to the email also brings other features such as Calendar into our mobile app, and we can use them just like the email itself. Here's an example of how I create a reminder on the Calendar from the webmail client and from mobile. Both are synchronized automatically.
- Create Reminder from Webmail Client
- Create Reminder from Mobile
What's next?
We've reached the end of this post, but it's not the end of this series. So please keep this state because we will use it again in the next post.