From 4ba5c5b5da0bad22478f21c2cde5ecc31992e9e5 Mon Sep 17 00:00:00 2001 From: Ben Larabie Date: Thu, 9 May 2024 13:55:17 -0400 Subject: [PATCH] SES DKIM for us-east-1 (#1316) * SES DKIM for us-east-1 * mock outputs --- aws/dns/outputs.tf | 4 ++++ aws/dns/ses.tf | 7 +++++++ .../sesValidationDnsEntries.tf | 11 +++++++++++ aws/ses_validation_dns_entries/variables.tf | 5 +++++ env/dev/ses_validation_dns_entries/terragrunt.hcl | 5 +++++ .../ses_validation_dns_entries/terragrunt.hcl | 5 +++++ env/sandbox/ses_validation_dns_entries/terragrunt.hcl | 5 +++++ env/staging/ses_validation_dns_entries/terragrunt.hcl | 5 +++++ 8 files changed, 47 insertions(+) diff --git a/aws/dns/outputs.tf b/aws/dns/outputs.tf index 1b40bd714..08f909f69 100644 --- a/aws/dns/outputs.tf +++ b/aws/dns/outputs.tf @@ -28,6 +28,10 @@ output "notification_canada_ca_dkim" { value = aws_ses_domain_dkim.notification-canada-ca.dkim_tokens } + +output "notification_canada_ca_receiving_dkim" { + value = aws_ses_domain_dkim.notification-canada-ca-receiving.dkim_tokens +} output "notification_internal_dns_cert" { value = base64encode(tls_self_signed_cert.internal_dns.cert_pem) } diff --git a/aws/dns/ses.tf b/aws/dns/ses.tf index 8586ff346..9181801e9 100644 --- a/aws/dns/ses.tf +++ b/aws/dns/ses.tf @@ -27,6 +27,7 @@ resource "aws_ses_domain_dkim" "notification-canada-ca" { domain = var.domain } + # TODO: SES Domain Validation Records Programmatically resource "aws_ses_identity_notification_topic" "notification-canada-ca-bounce-topic" { @@ -68,6 +69,12 @@ resource "aws_ses_domain_identity" "notification-canada-ca-receiving" { domain = var.domain } +resource "aws_ses_domain_dkim" "notification-canada-ca-receiving" { + provider = aws.us-east-1 + domain = var.domain +} + + resource "aws_ses_receipt_rule_set" "main" { provider = aws.us-east-1 diff --git a/aws/ses_validation_dns_entries/sesValidationDnsEntries.tf b/aws/ses_validation_dns_entries/sesValidationDnsEntries.tf index 85a3d2248..b9dfff5d5 100644 
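Review bot: In the second hunk of aws/dns/ses.tf, the new `aws_ses_domain_dkim.notification-canada-ca-receiving` sets `domain = var.domain`, so Terraform sees no dependency on the `aws_ses_domain_identity.notification-canada-ca-receiving` resource named in the hunk header. Writing `domain = aws_ses_domain_identity.notification-canada-ca-receiving.domain` makes the ordering explicit and ties the DKIM tokens to the identity they belong to. Most of the identity's body is outside the hunk, so I am assuming it also uses `provider = aws.us-east-1`. That is worth confirming, because SES identities are per region and a mismatch would likely yield tokens for a different identity than the one receiving mail.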
--- a/aws/ses_validation_dns_entries/sesValidationDnsEntries.tf +++ b/aws/ses_validation_dns_entries/sesValidationDnsEntries.tf @@ -21,6 +21,17 @@ resource "aws_route53_record" "notification_canada_ca_dkim_record" { records = ["${each.value}.dkim.amazonses.com"] } +resource "aws_route53_record" "notification_canada_ca_receiving_dkim_record" { + for_each = { for s in jsondecode(var.notification_canada_ca_receiving_dkim) : "${s}" => s } + provider = aws.dns + zone_id = var.route_53_zone_arn + name = "${each.value}._domainkey.${var.domain}" + type = "CNAME" + ttl = "600" + allow_overwrite = true + records = ["${each.value}.dkim.amazonses.com"] +} + resource "aws_route53_record" "ses_cic_trvapply_vrtdemande_dkim_record" { for_each = { for cd in jsondecode(var.cic_trvapply_vrtdemande_dkim) : "${cd.domain}.${cd.token}" => cd } diff --git a/aws/ses_validation_dns_entries/variables.tf b/aws/ses_validation_dns_entries/variables.tf index 8bef969f3..eb905240d 100644 --- a/aws/ses_validation_dns_entries/variables.tf +++ b/aws/ses_validation_dns_entries/variables.tf @@ -23,4 +23,9 @@ variable "cic_trvapply_vrtdemande_dkim" { variable "notification_canada_ca_dkim" { type = string description = "Used to fetch the validation tokens for the root notify domain" +} + +variable "notification_canada_ca_receiving_dkim" { + type = string + description = "Used to fetch the validation tokens for the root notify domain in US-EAST-1" } \ No newline at end of file diff --git a/env/dev/ses_validation_dns_entries/terragrunt.hcl b/env/dev/ses_validation_dns_entries/terragrunt.hcl index 620925310..b75ff7997 100644 --- a/env/dev/ses_validation_dns_entries/terragrunt.hcl +++ b/env/dev/ses_validation_dns_entries/terragrunt.hcl 
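Review bot: In the aws/ses_validation_dns_entries/sesValidationDnsEntries.tf hunk, `allow_overwrite = true` on `notification_canada_ca_receiving_dkim_record` lets an apply silently replace any CNAME that already exists at `<token>._domainkey.${var.domain}`, including one this configuration does not manage. For records that email authentication depends on, a name collision is better surfaced as an apply error. I would drop the flag, or keep it with a comment saying which pre-existing records it is meant to adopt. Only the last line of the preceding resource is visible, so this may mirror an existing pattern there. Separately, `"${s}" => s` is a redundant interpolation; `for_each = toset(jsondecode(var.notification_canada_ca_receiving_dkim))` reads more directly and keeps `each.value` unchanged.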
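Review bot: In the aws/ses_validation_dns_entries/variables.tf hunk, the description of `notification_canada_ca_receiving_dkim` does not say that the `string` value must be a JSON-encoded list, although the record resource added in this same patch passes it straight to `jsondecode`. A description such as `description = "JSON-encoded list of SES DKIM tokens for the root notify domain identity in us-east-1"` would state that contract and separate it from the existing `notification_canada_ca_dkim` variable. The hunk also leaves the file without a trailing newline.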
@@ -22,6 +22,10 @@ dependency "dns" { mock_outputs_merge_with_state = true mock_outputs = { lambda_ses_receiving_emails_image_arn = "" + notification_canada_ca_receiving_dkim = [] + notification_canada_ca_dkim = [] + cic_trvapply_vrtdemande_dkim = [] + custom_sending_domains_dkim = [] } } @@ -34,6 +38,7 @@ inputs = { custom_sending_domains_dkim = dependency.dns.outputs.custom_sending_domains_dkim cic_trvapply_vrtdemande_dkim = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim notification_canada_ca_dkim = dependency.dns.outputs.notification_canada_ca_dkim + notification_canada_ca_receiving_dkim = dependency.dns.outputs.notification_canada_ca_receiving_dkim } terraform { diff --git a/env/production/ses_validation_dns_entries/terragrunt.hcl b/env/production/ses_validation_dns_entries/terragrunt.hcl index 4b750da4a..10550e721 100644 --- a/env/production/ses_validation_dns_entries/terragrunt.hcl +++ b/env/production/ses_validation_dns_entries/terragrunt.hcl @@ -27,6 +27,10 @@ dependency "dns" { mock_outputs_merge_with_state = true mock_outputs = { lambda_ses_receiving_emails_image_arn = "" + notification_canada_ca_receiving_dkim = [] + notification_canada_ca_dkim = [] + cic_trvapply_vrtdemande_dkim = [] + custom_sending_domains_dkim = [] } } @@ -39,4 +43,5 @@ inputs = { custom_sending_domains_dkim = dependency.dns.outputs.custom_sending_domains_dkim cic_trvapply_vrtdemande_dkim = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim notification_canada_ca_dkim = dependency.dns.outputs.notification_canada_ca_dkim + notification_canada_ca_receiving_dkim = dependency.dns.outputs.notification_canada_ca_receiving_dkim } \ No newline at end of file diff --git a/env/sandbox/ses_validation_dns_entries/terragrunt.hcl b/env/sandbox/ses_validation_dns_entries/terragrunt.hcl index 620925310..c44e8b165 100644 --- a/env/sandbox/ses_validation_dns_entries/terragrunt.hcl +++ b/env/sandbox/ses_validation_dns_entries/terragrunt.hcl 
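Review bot: In the first hunk of env/dev/ses_validation_dns_entries/terragrunt.hcl, the new `[]` mocks for the four DKIM outputs sit next to `mock_outputs_merge_with_state = true`, and nothing visible in the hunk restricts which commands may use them. If this module is applied before `dns` has published `notification_canada_ca_receiving_dkim`, the empty mock would, as far as I can tell, be accepted and the apply would succeed while creating no DKIM records for the us-east-1 identity. Adding `mock_outputs_allowed_terraform_commands = ["validate", "plan"]` to the `dependency "dns"` block keeps planning possible and makes an out-of-order apply fail loudly. The block starts outside the hunk, so that setting may already be present. The same applies to the matching hunks for production, sandbox and staging, where production matters most.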
@@ -22,6 +22,10 @@ dependency "dns" { mock_outputs_merge_with_state = true mock_outputs = { lambda_ses_receiving_emails_image_arn = "" + notification_canada_ca_receiving_dkim = [] + notification_canada_ca_dkim = [] + cic_trvapply_vrtdemande_dkim = [] + custom_sending_domains_dkim = [] } } @@ -34,6 +38,7 @@ inputs = { custom_sending_domains_dkim = dependency.dns.outputs.custom_sending_domains_dkim cic_trvapply_vrtdemande_dkim = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim notification_canada_ca_dkim = dependency.dns.outputs.notification_canada_ca_dkim + notification_canada_ca_receiving_dkim = dependency.dns.outputs.notification_canada_ca_receiving_dkim } terraform { diff --git a/env/staging/ses_validation_dns_entries/terragrunt.hcl b/env/staging/ses_validation_dns_entries/terragrunt.hcl index 72218c099..2ca82594d 100644 --- a/env/staging/ses_validation_dns_entries/terragrunt.hcl +++ b/env/staging/ses_validation_dns_entries/terragrunt.hcl @@ -22,6 +22,10 @@ dependency "dns" { mock_outputs_merge_with_state = true mock_outputs = { lambda_ses_receiving_emails_image_arn = "" + notification_canada_ca_receiving_dkim = [] + notification_canada_ca_dkim = [] + cic_trvapply_vrtdemande_dkim = [] + custom_sending_domains_dkim = [] } } @@ -34,6 +38,7 @@ inputs = { custom_sending_domains_dkim = dependency.dns.outputs.custom_sending_domains_dkim cic_trvapply_vrtdemande_dkim = dependency.dns.outputs.cic_trvapply_vrtdemande_dkim notification_canada_ca_dkim = dependency.dns.outputs.notification_canada_ca_dkim + notification_canada_ca_receiving_dkim = dependency.dns.outputs.notification_canada_ca_receiving_dkim } terraform {