mirror of
https://github.com/Hestia-Homes/Model.git
synced 2026-06-30 13:10:47 +00:00
set up of AWS SES
This commit is contained in:
parent
f20ba59320
commit
9f92e856d3
4 changed files with 138 additions and 0 deletions
|
|
@ -261,4 +261,17 @@ module "cloudfront_distribution" {
|
||||||
bucket_arn = module.s3.bucket_arn
|
bucket_arn = module.s3.bucket_arn
|
||||||
bucket_domain_name = module.s3.bucket_domain_name
|
bucket_domain_name = module.s3.bucket_domain_name
|
||||||
stage = var.stage
|
stage = var.stage
|
||||||
|
}
|
||||||
|
|
||||||
|
################################################
|
||||||
|
# SES - Email sending
|
||||||
|
################################################
|
||||||
|
module "ses" {
|
||||||
|
source = "./modules/ses"
|
||||||
|
domain_name = "domna.homes"
|
||||||
|
stage = var.stage
|
||||||
|
}
|
||||||
|
|
||||||
|
output "ses_dns_records" {
|
||||||
|
value = module.ses.dns_records
|
||||||
}
|
}
|
||||||
50
infrastructure/terraform/modules/ses/main.tf
Normal file
50
infrastructure/terraform/modules/ses/main.tf
Normal file
|
|
@ -0,0 +1,50 @@
|
||||||
|
resource "aws_ses_domain_identity" "this" {
|
||||||
|
domain = var.domain_name
|
||||||
|
}
|
||||||
|
|
||||||
|
# DKIM signing
|
||||||
|
resource "aws_ses_domain_dkim" "this" {
|
||||||
|
domain = aws_ses_domain_identity.this.domain
|
||||||
|
}
|
||||||
|
|
||||||
|
# IAM user for SES SMTP
|
||||||
|
resource "aws_iam_user" "ses_user" {
|
||||||
|
name = "${var.stage}-ses-user"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_user_policy" "ses_send_policy" {
|
||||||
|
name = "AllowSESSendEmail"
|
||||||
|
user = aws_iam_user.ses_user.name
|
||||||
|
|
||||||
|
policy = jsonencode({
|
||||||
|
Version = "2012-10-17"
|
||||||
|
Statement = [
|
||||||
|
{
|
||||||
|
Effect = "Allow"
|
||||||
|
Action = [
|
||||||
|
"ses:SendEmail",
|
||||||
|
"ses:SendRawEmail"
|
||||||
|
]
|
||||||
|
Resource = "*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_iam_access_key" "ses_user" {
|
||||||
|
user = aws_iam_user.ses_user.name
|
||||||
|
}
|
||||||
|
|
||||||
|
# Store SMTP credentials in AWS Secrets Manager
|
||||||
|
resource "aws_secretsmanager_secret" "ses_smtp" {
|
||||||
|
name = "${var.stage}/ses/smtp_credentials"
|
||||||
|
description = "SMTP credentials for SES (${var.stage})"
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "aws_secretsmanager_secret_version" "ses_smtp" {
|
||||||
|
secret_id = aws_secretsmanager_secret.ses_smtp.id
|
||||||
|
secret_string = jsonencode({
|
||||||
|
username = aws_iam_access_key.ses_user.id
|
||||||
|
password = aws_iam_access_key.ses_user.ses_smtp_password_v4
|
||||||
|
})
|
||||||
|
}
|
||||||
66
infrastructure/terraform/modules/ses/outputs.tf
Normal file
66
infrastructure/terraform/modules/ses/outputs.tf
Normal file
|
|
@ -0,0 +1,66 @@
|
||||||
|
# These are our DNS records that will need to be added to our Krystal account
|
||||||
|
|
||||||
|
# TXT record
|
||||||
|
output "verification_record" {
|
||||||
|
description = "TXT record required to verify the domain with SES"
|
||||||
|
value = {
|
||||||
|
name = "_amazonses.${aws_ses_domain_identity.this.domain}"
|
||||||
|
type = "TXT"
|
||||||
|
value = aws_ses_domain_identity.this.verification_token
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# DKIM CNAME records
|
||||||
|
output "dkim_records" {
|
||||||
|
description = "CNAME records required to enable DKIM for SES"
|
||||||
|
value = [
|
||||||
|
for dkim in aws_ses_domain_dkim.this.dkim_tokens : {
|
||||||
|
name = "${dkim}._domainkey.${aws_ses_domain_identity.this.domain}"
|
||||||
|
type = "CNAME"
|
||||||
|
value = "${dkim}.dkim.amazonses.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
# SMTP credentials - send them to secrets manager
|
||||||
|
output "ses_smtp_secret_arn" {
|
||||||
|
description = "ARN of the SES SMTP credentials stored in Secrets Manager"
|
||||||
|
value = aws_secretsmanager_secret.ses_smtp.arn
|
||||||
|
}
|
||||||
|
|
||||||
|
output "smtp_password" {
|
||||||
|
value = aws_iam_access_key.ses_user.ses_smtp_password_v4
|
||||||
|
sensitive = true
|
||||||
|
description = "SMTP password for SES"
|
||||||
|
}
|
||||||
|
|
||||||
|
output "dns_records" {
|
||||||
|
description = "All DNS records required for SES verification and recommended deliverability"
|
||||||
|
value = concat(
|
||||||
|
[
|
||||||
|
{
|
||||||
|
name = "_amazonses.${aws_ses_domain_identity.this.domain}"
|
||||||
|
type = "TXT"
|
||||||
|
value = aws_ses_domain_identity.this.verification_token
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = var.domain_name
|
||||||
|
type = "TXT"
|
||||||
|
value = "v=spf1 include:amazonses.com -all"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name = "_dmarc.${var.domain_name}"
|
||||||
|
type = "TXT"
|
||||||
|
value = "v=DMARC1; p=quarantine; rua=mailto:postmaster@${var.domain_name}"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
[
|
||||||
|
for dkim in aws_ses_domain_dkim.this.dkim_tokens : {
|
||||||
|
name = "${dkim}._domainkey.${aws_ses_domain_identity.this.domain}"
|
||||||
|
type = "CNAME"
|
||||||
|
value = "${dkim}.dkim.amazonses.com"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
9
infrastructure/terraform/modules/ses/variables.tf
Normal file
9
infrastructure/terraform/modules/ses/variables.tf
Normal file
|
|
@ -0,0 +1,9 @@
|
||||||
|
variable "domain_name" {
|
||||||
|
description = "The domain to verify with SES (e.g. domna.homes)"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
||||||
|
variable "stage" {
|
||||||
|
description = "Deployment stage (e.g. dev, prod)"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue