Always Get Better

Posts Tagged ‘email’

Serverless Contact Forms with AWS Lambda

Thursday, October 27th, 2016

LAMB-da - Serverless Contact FormsServers are a pain to run. They break, get hacked, need updating, and generally need your constant attention or that site you posted two years ago won’t work when you need to make a change. Static sites are a beautiful dream, but what do you do when you need user input? You don’t want to use a third-party service just to get rare contact forms from your visitors. It’s stupid to run a web server to handle this; that completely eliminates the whole purpose of creating a static site. What you need are serverless contact forms.

Architecture

I use Wufoo forms for most of my static sites but today I’m switching to Lambdas. To start, I have a static Jekyll site uploaded to S3. I have a CloudFront distribution set up for edge-caching and SSL. Now I’m going to add a contact form that reaches through AWS’ API Gateway to execute a node.js script hosted on Lambda.

Here is the general data flow:

Serverless Contact Forms Architecture

Serverless Contact Forms Architecture

Email Script

I first write a simple Node.js script that validates the contact form parameters then pumps the messages into the Sendgrid API. You can swap in your preferred client. AWS SES is a popular one for sure and a nice way to keep everything under one umbrella.

Setting Up the Lambda

First create a blank template.

Serverless Contact Forms start with a blank lambda

Serverless Contact Forms start with a blank lambda

Next create an API Gateway trigger for the Lambda. I set my security to ‘Open’ because I am allowing anonymous traffic to send contact forms.

Serverless Contact Forms API Gateway Settings

Serverless Contact Forms API Gateway Settings

Finally, upload the contact form script. Since I’ve used libraries other than Amazon’s own I need to zip everything up and send it as an archive.

Serverless Contact Forms Lambda Setup

Serverless Contact Forms Lambda Setup

Configuring the API Gateway for Serverless Contact Forms

Now that the Lambda function has been created it’s time to open it to the outside world. Go to the ‘API Gateway’ service, find your endpoint, and choose Actions -> Create Method. Add a POST method pointing to your Lambda function’s name.

Serverless Contact Forms API Gateway Setup

Serverless Contact Forms API Gateway Setup

You need to enable CORS because you will be using AJAX to submit the form. This is a cross-domain request while we’re testing it out.

lambda-cors

Then deploy the API. The default environment is prod, which is good enough for our purposes.

lambda-5

Finally you see the the endpoint URL you will use for your form.

lambda-6

Serverless Contact Forms

That’s the backend all set up now you can build out the contact form your visitors will use to contact you. Here’s mine. It’s super ugly but it gets the point across.

When you hit submit the send function executes, posting the email address and message to the endpoint and alerting the results. Nothing fancy, and obviously you would need to code in all the proper validation and UI stuff to make this pretty.

CloudFront Configuration

I can get into the static site setup later, but for now I’m working from an existing distribution.

Since CORS is all set up you could use the endpoint as-is and just launch your contact form, but that’s not as elegant as posting to the same domain as the form itself. You can achieve this illusion because CloudFront is able to forward POST requests now.

Add the origin for the API to the distribution.

lambda-7

Tell CloudFront to forward (and not cache!) your contact form by adding a behaviour for the path where you want to host the form. The path name should match your API resource name:

lambda-8

For this to work make sure you choose the Allowed HTTP Methods option with POST. Setting the Forward Headers option to ALL causes CloudFront to use the origin cache settings (no cache) which will let more than one person use your contact form.

Profit

Overall this feels like it is a longer process than it should be. The first time I did this it took almost 5 hours, but now that I know the process I’m sure next time will be a lot faster. Figuring out the right folders and permission settings (for CORS) was the most finicky part of the process, but the API Gateway has an informative test tool that helped a lot.

This is only going to get better, and Lambda is a fantastic cost-effective tool for replacing on-demand tasks where you would once need to spin up and support a whole server. Serverless contact forms are definitely the way to go if your site is otherwise static.

Gmail for Company Mail

Tuesday, December 9th, 2008

Even though it is a search engine, Google has done a fantastic job delivering a bewildering array of services over the past several years. Between its Android platform, Office Suite, Mail Services, Blog Hosting and Video acquisition, there is no field untouched by Google’s reach. Today I want to talk a little about my experience using Gmail for corporate email.

Gmail @YourDomain.com
I suspect many readers are familiar with the GMail interface – that sleek AJAX application that kicks the tar out of Outlook in terms of both speed and usability (how do they get their apps to run so fast?). GMail for corporations is a slightly different beast than GMail for individuals. Some differences are:

  • New features are rolled out on GMail for individuals first. Presumably this is to test-drive changes before surprising the corporate users who may actually be paying for the service.
  • GMail corporate uses your company’s DNS name – email addresses take the form of UserName@company.com rather than UserName@Gmail.com
  • Company-wide documents and email addresses can be automatically shared between existing and new accounts

The Best Things in Life Aren’t Always Free
For the first 100 email accounts, companies are able to use Google’s services for free. That means 7GB of storage for every user, world-class chat and mail functionality, incredible speed, POP and IMAP access, plus a web interface that makes enterprise-level email applications obsolete.

The catch: if you need more than 100 accounts, you need to switch to paid mode, which is $50 annually per user. Of course, an organization larger than 100 employees is likely in a position to absorb the extra $5000+ for email services as part of its operating budget. For a smaller company, $50 per account can be a lot of money – but the free version is fully featured.

External Devices
Any application capable of downloading POP or IMAP mail is able to reetrieve messages from a GMail account. If you need to get your email from more than one program or device take note: GMail ignores ‘leave on server’ and ‘retrive X days of message’. If Device A downloads an email, Device B will not and vice-versa.

The way to correct this is by changing your username to recent:username@company.com, which will cause GMail to download all email in the last 30 days. Watch out! This will download duplicate email if you already have mail one file before switching to recent mode. Consider yourself warned!

Privacy
How does Google protect your privacy on GMail? Essentially, it doesn’t. Anything you send through the GMail servers technically becomes property of Google.

What does that mean for the average user? Probably nothing. Email should never be considered a secure medium – a good rule of thumb is: do not send anything you would be embarassed to see on the front page of your local newspaper tomorrow morning.

Google claims they do no cataloguing or data mining on emails within the GMail system. However, they do use context-sensitive advertisements which will appear alongside all mail in your inbox. Some users may be annoyed by the ads but personally I find them to be often interesting; sometimes they are even worth a click!

Use GMail, or Not?
Although it is constantly improved, GMail is a mature and scalable product. Companies with small or non-existent technical staff would do well to trust this critical function to Google rather than to [insert ISP name here] due to the size and credibility Google has made for itself. Technical staff at larger organizations may even welcome the switch – letting someone else manage email issues reduces headache and expense.