@irvingpop
Collaborator

@irvingpop irvingpop commented Jan 29, 2026

Summary

Implements an AWS SES-based email forwarding system that enables donors with recurring donations to receive custom email aliases (e.g., irving@coders.operationcode.org) that forward to their personal email addresses. Alias mappings and donor status are managed in Airtable.

What's New

Lambda Function

  • Python 3.12 Lambda deployed to us-east-1 (SES requirement)
  • Queries Airtable API to validate active donor aliases
  • Forwards emails via SES with preserved attachments and HTML formatting
  • Integrated with Sentry for error monitoring
  • Credentials stored in AWS Secrets Manager (cross-region access from us-east-2)
  • 11 unit tests with 100% pass rate

Infrastructure (Terraform)

  • Multi-region setup: Lambda/SES in us-east-1, secrets in us-east-2
  • S3 bucket for incoming emails (7-day lifecycle policy)
  • IAM roles with least-privilege permissions
  • SES domain identity, receipt rules, and DKIM configuration
  • Route53 DNS records (MX, SPF, DKIM, DMARC)
  • Automatic activation of SES receipt rule set
  • Also: cleaned up old/dead Kubernetes configs

Architecture Decisions

  • Region: us-east-1 for all SES resources (AWS requirement for email receiving)
  • Runtime: Python 3.12 on ARM64 (Graviton) for cost optimization
  • Storage: Emails stored in S3, automatically deleted after 7 days
  • Authentication: Airtable Personal Access Token via Secrets Manager
  • Monitoring: CloudWatch Logs (14-day retention) + Sentry integration

Airtable Schema

The system expects these fields (case-sensitive):

  • Alias - Email alias (e.g., "irving")
  • Email - Personal email to forward to
  • Name - Donor's full name
  • Status - Must be "active" for forwarding

Cost

~$0.25/month for 10-20 users (essentially free within AWS free tier)

Security

  • Secrets stored in AWS Secrets Manager (not in code)
  • IAM least-privilege access
  • Email scanning enabled via SES
  • Automatic secret rotation supported
  • Sentry error tracking with environment isolation
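
An added sketch (not the PR's Lambda code) of the alias check and header rewrite that the summary above describes. The names resolve_alias and build_forward, the sample records and the sample message are hypothetical and constructed; rewriting From to the alias address and putting the original sender in Reply-To is an assumption about how the forward satisfies SES's verified-sender requirement.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr

DOMAIN = "coders.operationcode.org"  # alias domain named in the PR description
RECORDS = [  # constructed Airtable-style records using the documented field names
    {"fields": {"Alias": "irving", "Email": "irving@example.com", "Status": "active"}},
    {"fields": {"Alias": "lapsed", "Email": "lapsed@example.com", "Status": "inactive"}},
]

# Constructed inbound message: an HTML body plus a 3-byte base64 attachment.
SAMPLE = (b"From: Alice <alice@example.net>\r\n"
          b"To: irving@coders.operationcode.org\r\nSubject: hi\r\n"
          b"DKIM-Signature: v=1; d=example.net; b=constructed\r\n"
          b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
          b"--b1\r\nContent-Type: text/html\r\n\r\n<p>hello</p>\r\n"
          b'--b1\r\nContent-Disposition: attachment; filename="a.bin"\r\n'
          b"Content-Type: application/octet-stream\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\nAAEC\r\n--b1--\r\n")

def resolve_alias(recipient, records):
    """Return the fields of the active record for recipient, else None."""
    local, _, domain = parseaddr(recipient)[1].partition("@")
    if not local or domain.lower() != DOMAIN:
        return None  # never forward mail addressed outside the alias domain
    for rec in records:
        f = rec.get("fields", {})
        # Assumption: aliases match case-insensitively; Status must be exactly "active".
        if (str(f.get("Alias") or "").lower() == local.lower()
                and f.get("Status") == "active" and f.get("Email")):
            return f
    return None

def build_forward(raw, recipient, records):
    """Return (destination, raw bytes to send), or None when nothing is forwarded."""
    donor = resolve_alias(recipient, records)
    if donor is None:
        return None
    msg = message_from_bytes(raw, policy=policy.SMTP)
    reply_to = parseaddr(str(msg.get("Reply-To") or msg.get("From") or ""))[1]
    # The old signature no longer matches, and the sender must be our own domain.
    for name in ("DKIM-Signature", "Return-Path", "Sender", "Reply-To", "From", "To"):
        del msg[name]
    # policy.SMTP raises ValueError on CR/LF in a value, so a record cannot inject headers.
    msg["From"] = f"{donor['Alias']}@{DOMAIN}"
    msg["To"] = donor["Email"]
    if reply_to:
        msg["Reply-To"] = reply_to
    return donor["Email"], msg.as_bytes()
```

Because the parsed MIME tree is re-serialized rather than rebuilt, the HTML part and the attachment pass through unchanged; only the envelope-related headers differ.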

@irvingpop
Collaborator Author

these are already deployed and working right, functionally verified. so merging to reflect reality

@irvingpop irvingpop merged commit b734d5a into main Jan 29, 2026
1 check passed
@irvingpop irvingpop deleted the irving/ai-coders-program branch January 29, 2026 16:33