## - verification
# Registers the deployment's domain as an SES sending identity.
# Its verification_token is published as the "_amazonses" TXT record in
# module.ses_zone_records.
resource "aws_ses_domain_identity" "social" {
  domain = local.domain_name
}
# Publishes the DNS records this SES setup relies on: the identity
# verification TXT, MX records, SPF TXT records and the three DKIM CNAMEs.
module "ses_zone_records" {
  # count = local.route53_zone == "" ? 0 : 1

  # Range constraint: any 2.x release of the registry module is accepted at
  # `terraform init`. The dependency lock file records providers, not modules,
  # so pin an exact version if plans must be reproducible.
  source  = "terraform-aws-modules/route53/aws//modules/records"
  version = "~> 2.0"

  # keys() returns map keys in lexical order, so this selects the first zone
  # name exposed by module.zone.
  # NOTE(review): correct only while module.zone manages a single zone; confirm.
  zone_name = keys(module.zone.route53_zone_zone_id)[0]

  records = [
    # Domain ownership proof for the SES identity.
    {
      name    = "_amazonses"
      type    = "TXT"
      ttl     = "600"
      records = [aws_ses_domain_identity.social.verification_token]
    },

    # Apex MX.
    # NOTE(review): this points the zone apex at the SES feedback endpoint, the
    # same target as the "bounce" subdomain below. The apex MX decides where
    # inbound mail for the domain is delivered; confirm this is intended.
    {
      name    = ""
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },

    # MX for the "bounce" subdomain, which aws_ses_domain_mail_from.social
    # configures as the custom MAIL FROM domain.
    {
      name    = "bounce"
      type    = "MX"
      ttl     = "600"
      records = ["10 feedback-smtp.${local.aws_region}.amazonses.com"]
    },

    # SPF
    # The MAIL FROM subdomain publishes a soft-fail policy (~all) ...
    {
      name    = "bounce"
      type    = "TXT"
      ttl     = "600"
      records = ["v=spf1 include:amazonses.com ~all"]
    },
    # ... while the apex publishes a hard-fail policy (-all).
    # NOTE(review): no "_dmarc" TXT record appears in this list; confirm DMARC
    # is published elsewhere, since SPF and DKIM alone do not tell receivers
    # how to treat mail that fails alignment.
    {
      name    = ""
      type    = "TXT"
      ttl     = "600"
      records = ["v=spf1 include:amazonses.com -all"]
    },

    # DKIM
    # One CNAME per token exported by aws_ses_domain_dkim.social; each points
    # the selector at the matching key hosted under dkim.amazonses.com.
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[0]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[0]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[1]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[1]}.dkim.amazonses.com"]
    },
    {
      name    = "${aws_ses_domain_dkim.social.dkim_tokens[2]}._domainkey"
      type    = "CNAME"
      ttl     = "600"
      records = ["${aws_ses_domain_dkim.social.dkim_tokens[2]}.dkim.amazonses.com"]
    },
  ]

  # The hosted zone must exist before records can be written into it.
  depends_on = [module.zone]
}
# Represents the completed verification of the SES domain identity.
# Ordered after module.ses_zone_records so the "_amazonses" TXT record is
# in DNS before the verification is attempted.
resource "aws_ses_domain_identity_verification" "social" {
  depends_on = [module.ses_zone_records]

  domain = aws_ses_domain_identity.social.id
}
# Requests DKIM tokens for the SES domain identity. The dkim_tokens it exports
# feed the "<token>._domainkey" CNAME records in module.ses_zone_records.
resource "aws_ses_domain_dkim" "social" {
  domain = aws_ses_domain_identity.social.domain
}
## - mx record
# Sets "bounce.<domain>" as the custom MAIL FROM domain for the SES identity.
# The MX and SPF records for that subdomain are the "bounce" entries in
# module.ses_zone_records.
resource "aws_ses_domain_mail_from" "social" {
  mail_from_domain = "bounce.${aws_ses_domain_identity.social.domain}"
  domain           = aws_ses_domain_identity.social.domain
}
#resource "aws_route53_record" "mx_receive" {
# count = var.enable_incoming_email_record ? 1 : 0
#
# name = data.aws_route53_zone.domain.name
# zone_id = var.zone_id
# type = "MX"
# ttl = "600"
# records = concat(["10 inbound-smtp.${data.aws_region.current.name}.amazonaws.com"], var.additional_incoming_email_records)
#}
## SMTP credentials
# Random suffix used in the IAM user name ("smtp-<pet>").
# It only makes the name unique; it is not a secret.
resource "random_pet" "smtp" {
}
# Dedicated IAM user whose access key is used for sending mail through SES.
# It receives only the "send_mail" policy via
# aws_iam_user_policy_attachment.send_mail.
# NOTE(review): this is a long-lived credential; nothing in this file rotates
# aws_iam_access_key.ses, so confirm rotation is handled elsewhere.
resource "aws_iam_user" "ses" {
  name = "smtp-${random_pet.smtp.id}"
}
# Grants the SES sending policy to the SMTP user.
resource "aws_iam_user_policy_attachment" "send_mail" {
  user       = aws_iam_user.ses.name
  policy_arn = aws_iam_policy.send_mail.arn
}
# Managed policy wrapping the "send_mail" policy document.
# The fixed name means only one copy can exist per AWS account.
resource "aws_iam_policy" "send_mail" {
  policy = data.aws_iam_policy_document.send_mail.json
  name   = "social-send-mail"
}
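# Policy document for the SMTP user: permits ses:SendRawEmail only, and only
# for messages whose From address is under this deployment's domain.
#
# The original statement allowed ses:SendRawEmail on "*" with no condition,
# so the access key could send as any identity verified in the account.
data "aws_iam_policy_document" "send_mail" {
  statement {
    actions = ["ses:SendRawEmail"]

    # NOTE(review): the identity-scoped line below was left disabled by the
    # author. It is the tighter option; confirm why it was turned off (e.g.
    # other identities being evaluated at send time) before enabling it.
    resources = ["*"]
    #resources = [ aws_ses_domain_identity.social.arn ]

    # Least privilege while the resource stays a wildcard: reject any send
    # whose From address is outside the domain this stack verifies.
    condition {
      test     = "StringLike"
      variable = "ses:FromAddress"
      values   = ["*@${aws_ses_domain_identity.social.domain}"]
    }
  }
}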
# Static access key for the SMTP user.
# No pgp_key is set, so the secret is stored unencrypted in the Terraform
# state; treat the state backend as holding a live credential.
resource "aws_iam_access_key" "ses" {
  user = aws_iam_user.ses.name
}
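# Writes the IAM secret access key to ".ses_secret" in the directory
# Terraform runs from, followed by a newline.
#
# Keep this file out of version control and backups that are less protected
# than the state itself.
# NOTE(review): this is the raw IAM secret, not an SES SMTP password;
# aws_iam_access_key also exports ses_smtp_password_v4. Confirm which one the
# consumer of this file expects.
resource "local_file" "ses_secret" {
  filename = ".ses_secret"
  content  = "${aws_iam_access_key.ses.secret}\n"

  # local_file defaults to mode 0777. Restrict the credential to its owner.
  file_permission = "0600"
}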
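# Writes the access key ID (the non-secret half of the credential) to
# ".ses_id" in the directory Terraform runs from, followed by a newline.
resource "local_file" "ses_id" {
  filename = ".ses_id"
  content  = "${aws_iam_access_key.ses.id}\n"
  #content = "${aws_iam_user.ses.name}\n"

  # local_file defaults to mode 0777, which leaves the file writable and
  # executable by every local user. Match the mode used for the secret so the
  # credential pair cannot be altered by another account on the host.
  file_permission = "0600"
}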