resource "aws_iam_user" "ses_smtp" {
  name = "ses-smtp-${replace(var.email_domain, ".", "-")}"
}

resource "aws_iam_user_policy" "ses_policy" {
  user = aws_iam_user.ses_smtp.name

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "ses:SendEmail",
          "ses:SendRawEmail"
        ]
        Resource = "*"
      }
    ]
  })
}

resource "aws_iam_access_key" "ses_smtp" {
  user = aws_iam_user.ses_smtp.name
}