tf: setup aws ses (#165)
crlssn authored Dec 4, 2024
1 parent 8427b67 commit f73a706
Showing 2 changed files with 74 additions and 0 deletions.
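--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -0,0 +1,62 @@
+resource "aws_ses_domain_identity" "getstronger" {
+domain = "getstronger.pro"
+}
+
+resource "aws_route53_record" "ses_verification" {
+zone_id = aws_route53_zone.getstronger_pro.zone_id
+name = "_amazonses.getstronger.pro"
+type = "TXT"
+ttl = 600
+records = [aws_ses_domain_identity.getstronger.verification_token]
+}
+
+resource "aws_ses_domain_dkim" "getstronger" {
+domain = aws_ses_domain_identity.getstronger.domain
+}
+
+resource "aws_route53_record" "dkim" {
+for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)
+zone_id = aws_route53_zone.getstronger_pro.zone_id
+name = "${each.value}._domainkey.getstronger.pro"
+type = "CNAME"
+ttl = 600
+records = ["${each.value}.dkim.amazonses.com"]
+}
+
+resource "aws_route53_record" "spf" {
+zone_id = aws_route53_zone.getstronger_pro.zone_id
+name = "getstronger.pro"
+type = "TXT"
+ttl = 600
+records = ["v=spf1 include:amazonses.com ~all"]
+}
+
+resource "aws_iam_policy" "ses_send_email" {
+name = "SES_Send_Email_GetStronger_Pro"
+description = "Allows sending emails via SES for getstronger.pro"
+policy = jsonencode({
+Version = "2012-10-17",
+Statement = [
+{
+Effect = "Allow",
+Action = "ses:SendEmail",
+Resource = "*"
+}
+]
+})
+}
+
+resource "aws_iam_user" "ses_user" {
+name = "ses_user_getstronger_pro"
+}
+
+resource "aws_iam_user_policy_attachment" "ses_policy_attach" {
+user = aws_iam_user.ses_user.name
+policy_arn = aws_iam_policy.ses_send_email.arn
+}
+
+resource "aws_iam_access_key" "ses_user_key" {
+user = aws_iam_user.ses_user.name
+}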
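Review bot: The `ses_send_email` policy grants `ses:SendEmail` on `Resource = "*"`, so the access key issued for `ses_user_getstronger_pro` can send from every identity verified in this account, not only getstronger.pro. Scope the statement to the identity created in this file with `Resource = aws_ses_domain_identity.getstronger.arn`, and consider a `Condition` on `ses:FromAddress` if the application sends from a single address. Separately, the zone gets SPF and DKIM records but no `_dmarc.getstronger.pro` TXT record, so receivers have no published policy for mail that fails both checks. A record starting at `v=DMARC1; p=none` with a report address lets you monitor spoofing before tightening the policy.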


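--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -20,3 +20,15 @@ variable "aws_region" {
 type = string
 default = "eu-west-2"
 }
+
+output "ses_access_key" {
+value = aws_iam_access_key.ses_user_key.id
+description = "Access Key ID for SES user"
+sensitive = true
+}
+
+output "ses_secret_key" {
+value = aws_iam_access_key.ses_user_key.secret
+description = "Secret Access Key for SES user"
+sensitive = true
+}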
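Review bot: `sensitive = true` on `ses_secret_key` only redacts the value in plan and apply output. The secret from `aws_iam_access_key.ses_user_key` is still written in plaintext to the Terraform state, and anyone with state access can read it with `terraform output -raw ses_secret_key`. Setting `pgp_key` on the access key resource and exporting `encrypted_secret` instead keeps the plaintext out of state; alternatively, drop the long-lived IAM user and let the workload assume a role. The backend configuration is not visible in this commit, so confirm the state is encrypted at rest and that read access is restricted. As a style point, these `output` blocks would be easier to find in an `outputs.tf` than in `variables.tf`.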
