This project demonstrates how to use Amazon SES to store security camera alarm emails in S3. There is probably no real reason why you would want to do this except to receive text message notifications from your security camera by means of Amazon SES.
Anything in this section can leverage my CloudFormation template.
The SNS topic subscription is what is going to make up for the lackluster notification system of the native app. This is one of the easier components and there are really only two steps:
Get your bucket started. Use this link as help if you are new. Then using the details below, fill in some of the specifics:
Bucket Lifecycle - The emails don't have much use for me. I'm mostly concerned about receiving notifications. For this reason I have a lifecycle of my bucket to delete objects in the emails folder after 30 days.
Bucket Logging - Sure, why not! Let's put these in a logging folder.
Bucket Policy - In order for SES to write to your bucket, you will need to configure a bucket policy. In the policy below, you will need to update the resource ARN and aws:Referer.
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "GiveSESPermissionToWriteEmail",
"Effect": "Allow",
"Principal": {
"Service": "ses.amazonaws.com"
},
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::mybucket/emails/*",
"Condition": {
"StringEquals": {
"aws:Referer": "###myaccountnumber###"
}
}
}
]
}
Bucket Notification - You want to set up S3 to send a notification to the SNS topic whenever an email occurs in the bucket. This is completed in the bucket properties of the S3 console, somewhat hidden under "events". Mine has a long crazy name because it was created in CloudFormation. I haven't found a way around that yet.
Everything going forward can not be automated and must be done in the console or within the camera software.
I discussed setting SES Email receiving in my last post. For this endeavor, we are taking it a step further by managing receiving email from a specific email address, that we will use exclusively for the camera.
Be sure to put this rule at the top of your rule set. If everything has worked you should see AMAZON_SES_SETUP_NOTIFICATION email in your S3 bucket.
Before SES can receive emails through Amazon's SMTP endpoint and process rules on those emails, you need to verify the ownership of the domain with Amazon. This is a pretty big process in and of itself if you registered a .io domain like me.
If you are registering another top level domain (ie, .com), then the process may be much quicker for you. This is a good link that should help get you started.
Amazon allows any email client, whether in the AWS cloud or not, to use Amazon SMTP servers for sending and receiving mail. This is a good page to read briefly about the capabilities. Sending through Amazon SMTP does require a user within the account with the required policy and generated SMTP credentials. The SMTP credentials are not the same as access and secret key, although they look the same.
It seems the only way to generate SMTP credentails is to use the wizard. You can not create your own user, policy, and later connect SMTP credentials. If you go to the SES Console > SMTP Settings > Create my SMTP Credentials, a wizard will guide you through creating an IAM user with the required policy, and then generate SMTP credentials.
This might be a good time to check to see if you can successfully send an email through the pipeline created before fiddling with the crappy camera software. You can use the powershell file included to run the tests. A success should show an email in your bucket. You should send to/from email addresses you have already verified.
A failure will help you understand where the problem is. For instance an error like this indicates you are leaving your network and communicating with Amazon and that there may be a problem with your SMTP credentials.
Exception calling "Send" with "1" argument(s): "The SMTP server requires a secure connection or the client was not authenticated. The server response was: Authentication required"
At C:\Users\Ben\repos\Send-AmazonSmtpEmail.ps1:54 char:5
+ $SMTPClient.Send($SMTPMessage)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SmtpException
An error like this is because your to/from email addresses have not been verified:
Exception calling "Send" with "1" argument(s): "Transaction failed. The server response was: Message rejected: Email address is not verified. The following identities failed the check in region US-EAST-1: your-momma@gmail.com"
At C:\Users\Ben\repos\Send-AmazonSmtpEmail.ps1:52 char:5
+ $SMTPClient.Send($SMTPMessage)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SmtpException
Getting good at working with AWS services means getting good at using their documentation. This page here and this page have some good info on setting up your email client, in this case a camera. You'll need to pick:
- an SMTP endpoint
- STARTTLS
- Port 587. I'm on Windows 10 with a Verizon Fios Quantum Gateway router. Port 25 was not working for me and I had limited access to router logs. The camera logs were also no good. I may have gotten lucky here.
- To/from email. No reason they can't be the same.
- SMTP credentials.
You'll need to log in to the camera web portal, I found that there were two users besides the admin (user and guest) which can not be managed from the mobile app. You may want to update default passwords on these so you don't unknowingly participate in DDoSing Dyn DNS servers..
You'll also need to set up your motion alarm. For me, this is something I found easier to do in the mobile app. I find the camera to be incredibly sensitive so I adjusted the setting to 'low'.
Fill this stuff in, then click the test button and you should be in business!