SES DKIM for us-east-1 (#1316)

* SES DKIM for us-east-1

* mock outputs

aws/dns/outputs.tf

@@ -28,6 +28,10 @@ output "notification_canada_ca_dkim" {
   value = aws_ses_domain_dkim.notification-canada-ca.dkim_tokens
 
 }
+
+output "notification_canada_ca_receiving_dkim" {
+  value = aws_ses_domain_dkim.notification-canada-ca-receiving.dkim_tokens
+}
 output "notification_internal_dns_cert" {
   value = base64encode(tls_self_signed_cert.internal_dns.cert_pem)
 }

aws/dns/ses.tf

@@ -27,6 +27,7 @@ resource "aws_ses_domain_dkim" "notification-canada-ca" {
   domain = var.domain
 }
 
+
 # TODO: SES Domain Validation Records Programmatically
 
 resource "aws_ses_identity_notification_topic" "notification-canada-ca-bounce-topic" {
@@ -68,6 +69,12 @@ resource "aws_ses_domain_identity" "notification-canada-ca-receiving" {
   domain = var.domain
 }
 
+resource "aws_ses_domain_dkim" "notification-canada-ca-receiving" {
+  provider = aws.us-east-1
+  domain   = var.domain
+}
+
+
 resource "aws_ses_receipt_rule_set" "main" {
   provider = aws.us-east-1
 

aws/ses_validation_dns_entries/sesValidationDnsEntries.tf

@@ -21,6 +21,17 @@ resource "aws_route53_record" "notification_canada_ca_dkim_record" {
   records         = ["${each.value}.dkim.amazonses.com"]
 }
 
+resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" {
+  for_each        = { for s in jsondecode(var.notification_canada_ca_receiving_dkim) : "${s}" => s }
+  provider        = aws.dns
+  zone_id         = var.route_53_zone_arn
+  name            = "${each.value}._domainkey.${var.domain}"
+  type            = "CNAME"
+  ttl             = "600"
+  allow_overwrite = true
+  records         = ["${each.value}.dkim.amazonses.com"]
+}
+
 
 resource "aws_route53_record" "ses_cic_trvapply_vrtdemande_dkim_record" {
   for_each        = { for cd in jsondecode(var.cic_trvapply_vrtdemande_dkim) : "${cd.domain}.${cd.token}" => cd }

aws/ses_validation_dns_entries/variables.tf

@@ -23,4 +23,9 @@ variable "cic_trvapply_vrtdemande_dkim" {
 variable "notification_canada_ca_dkim" {
   type        = string
   description = "Used to fetch the validation tokens for the root notify domain"
+}
+
+variable "notification_canada_ca_receiving_dkim" {
+  type        = string
+  description = "Used to fetch the validation tokens for the root notify domain in US-EAST-1"
 }

env/dev/ses_validation_dns_entries/terragrunt.hcl

@@ -22,6 +22,10 @@ dependency "dns" {
   mock_outputs_merge_with_state           = true
   mock_outputs = {
     lambda_ses_receiving_emails_image_arn = ""
+    notification_canada_ca_receiving_dkim = []
+    notification_canada_ca_dkim = []
+    cic_trvapply_vrtdemande_dkim = []
+    custom_sending_domains_dkim = []
   }
 }
 
@@ -34,6 +38,7 @@ inputs = {
   custom_sending_domains_dkim   = dependency.dns.outputs.custom_sending_domains_dkim
   cic_trvapply_vrtdemande_dkim  = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim
   notification_canada_ca_dkim   = dependency.dns.outputs.notification_canada_ca_dkim
+  notification_canada_ca_receiving_dkim   = dependency.dns.outputs.notification_canada_ca_receiving_dkim
 }
 
 terraform {

env/production/ses_validation_dns_entries/terragrunt.hcl

@@ -27,6 +27,10 @@ dependency "dns" {
   mock_outputs_merge_with_state           = true
   mock_outputs = {
     lambda_ses_receiving_emails_image_arn = ""
+    notification_canada_ca_receiving_dkim = []
+    notification_canada_ca_dkim = []
+    cic_trvapply_vrtdemande_dkim = []
+    custom_sending_domains_dkim = []    
   }
 }
 
@@ -39,4 +43,5 @@ inputs = {
   custom_sending_domains_dkim   = dependency.dns.outputs.custom_sending_domains_dkim
   cic_trvapply_vrtdemande_dkim  = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim
   notification_canada_ca_dkim   = dependency.dns.outputs.notification_canada_ca_dkim
+  notification_canada_ca_receiving_dkim   = dependency.dns.outputs.notification_canada_ca_receiving_dkim
 }

env/sandbox/ses_validation_dns_entries/terragrunt.hcl

@@ -22,6 +22,10 @@ dependency "dns" {
   mock_outputs_merge_with_state           = true
   mock_outputs = {
     lambda_ses_receiving_emails_image_arn = ""
+    notification_canada_ca_receiving_dkim = []
+    notification_canada_ca_dkim = []
+    cic_trvapply_vrtdemande_dkim = []
+    custom_sending_domains_dkim = []    
   }
 }
 
@@ -34,6 +38,7 @@ inputs = {
   custom_sending_domains_dkim   = dependency.dns.outputs.custom_sending_domains_dkim
   cic_trvapply_vrtdemande_dkim  = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim
   notification_canada_ca_dkim   = dependency.dns.outputs.notification_canada_ca_dkim
+  notification_canada_ca_receiving_dkim   = dependency.dns.outputs.notification_canada_ca_receiving_dkim
 }
 
 terraform {

env/staging/ses_validation_dns_entries/terragrunt.hcl

@@ -22,6 +22,10 @@ dependency "dns" {
   mock_outputs_merge_with_state           = true
   mock_outputs = {
     lambda_ses_receiving_emails_image_arn = ""
+    notification_canada_ca_receiving_dkim = []
+    notification_canada_ca_dkim = []
+    cic_trvapply_vrtdemande_dkim = []
+    custom_sending_domains_dkim = []
   }
 }
 
@@ -34,6 +38,7 @@ inputs = {
   custom_sending_domains_dkim   = dependency.dns.outputs.custom_sending_domains_dkim
   cic_trvapply_vrtdemande_dkim  = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim
   notification_canada_ca_dkim   = dependency.dns.outputs.notification_canada_ca_dkim
+  notification_canada_ca_receiving_dkim   = dependency.dns.outputs.notification_canada_ca_receiving_dkim
 }
 
 terraform {