masto-aio/terraform/ses.tf


## - verification
# SES domain identity for the site's domain. Its verification_token is
# published as the "_amazonses" TXT record in module "ses_zone_records",
# and its arn/domain are referenced by the DKIM, MAIL FROM and IAM blocks below.
resource "aws_ses_domain_identity" "social" {
  domain = local.domain_name
}
# Route 53 records SES needs for this domain (verification, MAIL FROM MX,
# SPF, DKIM), created with the upstream records sub-module in the zone that
# module "zone" created.
module "ses_zone_records" {
  # count = local.route53_zone == "" ? 0 : 1
  source  = "terraform-aws-modules/route53/aws//modules/records"
  version = "~> 2.0"
  # The zone id output is a map keyed by zone name; only its first key is used.
  zone_name = keys(module.zone.route53_zone_zone_id)[0]
  records = [
    # Domain-identity verification token; aws_ses_domain_identity_verification.social
    # waits on this module so the record exists before verification is checked.
    {
      name    = "_amazonses"
      type    = "TXT"
      ttl     = "600"
      records = [aws_ses_domain_identity.social.verification_token]
    },
    # MX for the apex and for the custom MAIL FROM subdomain "bounce"
    # (the subdomain matches mail_from_domain in aws_ses_domain_mail_from.social).
    # NOTE(review): the apex MX also directs inbound mail for the bare domain to
    # the SES feedback endpoint — confirm that is intended and not only the
    # "bounce" subdomain.
    {
      name    = ""
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },
    {
      name    = "bounce"
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },
    # SPF
    # NOTE(review): "bounce" uses ~all (softfail) while the apex uses -all
    # (fail) — confirm the difference is deliberate.
    {
      name    = "bounce"
      type    = "TXT"
      ttl     = "600"
      records = ["v=spf1 include:amazonses.com ~all"]
    },
    {
      name    = ""
      type    = "TXT"
      ttl     = "600"
      records = ["v=spf1 include:amazonses.com -all"]
    },
    # DKIM
    # One CNAME per Easy DKIM token, indexed explicitly (three tokens).
    # NOTE(review): these names are unknown until aws_ses_domain_dkim.social is
    # applied — confirm the module's per-record keys tolerate that on a fresh plan.
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[0]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[0]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[1]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[1]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[2]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[2]}.dkim.amazonses.com"]
    },
  ]
  # The zone must exist before records are written into it.
  depends_on = [module.zone]
}
# Blocks until SES reports the domain identity as verified; the explicit
# depends_on ensures the "_amazonses" TXT record has been created first.
resource "aws_ses_domain_identity_verification" "social" {
  domain     = aws_ses_domain_identity.social.id
  depends_on = [module.ses_zone_records]
}
# Easy DKIM for the domain; its dkim_tokens feed the "_domainkey" CNAME
# records in module "ses_zone_records".
resource "aws_ses_domain_dkim" "social" {
  domain = aws_ses_domain_identity.social.domain
}
## - mx record
# Custom MAIL FROM subdomain "bounce.<domain>"; its MX and SPF records are the
# "bounce" entries in module "ses_zone_records".
resource "aws_ses_domain_mail_from" "social" {
  domain           = aws_ses_domain_identity.social.domain
  mail_from_domain = "bounce.${aws_ses_domain_identity.social.domain}"
}
#resource "aws_route53_record" "mx_receive" {
# count = var.enable_incoming_email_record ? 1 : 0
#
# name = data.aws_route53_zone.domain.name
# zone_id = var.zone_id
# type = "MX"
# ttl = "600"
# records = concat(["10 inbound-smtp.${data.aws_region.current.name}.amazonaws.com"], var.additional_incoming_email_records)
#}
## SMTP credentials
# Random name suffix for the SMTP IAM user below.
resource "random_pet" "smtp" {}
# Dedicated IAM user whose access key serves as the SES SMTP credential.
resource "aws_iam_user" "ses" {
  name = "smtp-${random_pet.smtp.id}"
}
# Attaches the send-mail policy to the SMTP user.
resource "aws_iam_user_policy_attachment" "send_mail" {
  policy_arn = aws_iam_policy.send_mail.arn
  user       = aws_iam_user.ses.name
}
# Managed policy wrapping data.aws_iam_policy_document.send_mail (defined below).
resource "aws_iam_policy" "send_mail" {
  name   = "social-send-mail"
  policy = data.aws_iam_policy_document.send_mail.json
}
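# Least-privilege send policy for the SMTP user: only ses:SendRawEmail (the
# action the SES SMTP interface uses) and only for this domain identity
# instead of every identity in the account ("*").
data "aws_iam_policy_document" "send_mail" {
  statement {
    actions = ["ses:SendRawEmail"]
    # Scoped to the verified domain identity; sending from any address under
    # local.domain_name still matches this identity ARN.
    resources = [aws_ses_domain_identity.social.arn]
  }
}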
# Access key for the SMTP user. Both halves of the key live in Terraform state
# and are additionally copied to local files below.
# NOTE(review): the SES SMTP password is the derived ses_smtp_password_v4
# attribute, not the raw secret written to .ses_secret — confirm which value
# the consumer of those files expects.
resource "aws_iam_access_key" "ses" {
  user = aws_iam_user.ses.name
}
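# Writes the secret access key to a local dotfile. file_permission is set
# explicitly because local_file's default creates the file world-readable;
# the value is also present in Terraform state, so protect that too.
resource "local_file" "ses_secret" {
  filename        = ".ses_secret"
  content         = "${aws_iam_access_key.ses.secret}\n"
  file_permission = "0600"
}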
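# Writes the access key id to a local dotfile, the counterpart of .ses_secret.
# file_permission is set explicitly so the file is not created world-writable
# (local_file's default).
resource "local_file" "ses_id" {
  filename        = ".ses_id"
  content         = "${aws_iam_access_key.ses.id}\n"
  #content = "${aws_iam_user.ses.name}\n"
  file_permission = "0600"
}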