From 9bc8953105711f724cb1b7f59882766efce5b352 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:28:08 +0000
Subject: [PATCH 1/9] tf: email service
---
infrastructure/email.tf | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 infrastructure/email.tf
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
new file mode 100644
index 00000000..889ae336
--- /dev/null
+++ b/infrastructure/email.tf
@@ -0,0 +1,11 @@
+resource "aws_ses_domain_identity" "getstronger" {
+ domain = "getstronger.pro"
+}
+
+resource "aws_route53_record" "ses_verification" {
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "_amazonses.getstronger.pro"
+ type = "TXT"
+ ttl = 600
+ records = [aws_ses_domain_identity.getstronger.verification_token]
+}
From 6132f2603c012dec9842ea63a6228269be898cb7 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:37:54 +0000
Subject: [PATCH 2/9] configure dkim and spf
---
infrastructure/email.tf | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index 889ae336..6ad8e682 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -9,3 +9,25 @@ resource "aws_route53_record" "ses_verification" {
 ttl = 600
 records = [aws_ses_domain_identity.getstronger.verification_token]
 }
+
+resource "aws_ses_domain_dkim" "getstronger" {
+ domain = aws_ses_domain_identity.getstronger.domain
+}
+
+resource "aws_route53_record" "dkim" {
+ for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "${each.value}._domainkey.getstronger.pro"
+ type = "CNAME"
+ ttl = 600
+ records = ["${each.value}.dkim.amazonses.com"]
+}
+
+resource "aws_route53_record" "spf" {
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "getstronger.pro"
+ type = "TXT"
+ ttl = 600
+ records = ["v=spf1 include:amazonses.com ~all"]
+}
+
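Review bot: The record name in `aws_route53_record.ses_verification` (PATCH 1/9) repeats the literal `getstronger.pro` instead of deriving it from the identity, so the two can drift if the domain ever changes; `name = "_amazonses.${aws_ses_domain_identity.getstronger.domain}"` keeps them tied together. Nothing in the new file waits for SES to confirm the TXT record, so an `aws_ses_domain_identity_verification` resource that depends on this record would make an apply fail visibly if verification never completes. A one-line comment above the record, such as `# Proves ownership of the domain to SES`, would help the next reader.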
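Review bot: `for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)` in `aws_route53_record.dkim` (PATCH 2/9) keys the instances on values that are only known after `aws_ses_domain_dkim` has been applied, so a plan against fresh state is likely to fail with an invalid for_each argument. The same construct returns in PATCH 5/9, and `count = length(...)` in PATCH 3/9 depends on the same unknown list. SES Easy DKIM issues three tokens, so a fixed `count = 3` with `dkim_tokens[count.index]` lets the CNAME records plan in a single apply. Missing or partially created DKIM records leave outgoing mail unsigned, so it is worth making this resource reproducible from an empty state.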
From dc572e94fd26d83d5c8ab633132aa191c907eb80 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:40:56 +0000
Subject: [PATCH 3/9] remove spf
---
infrastructure/email.tf | 17 ++++-------------
1 file changed, 4 insertions(+), 13 deletions(-)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index 6ad8e682..4c7d1e00 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -15,19 +15,10 @@ resource "aws_ses_domain_dkim" "getstronger" {
 }
 
 resource "aws_route53_record" "dkim" {
- for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)
- zone_id = aws_route53_zone.getstronger_pro.zone_id
- name = "${each.value}._domainkey.getstronger.pro"
- type = "CNAME"
- ttl = 600
- records = ["${each.value}.dkim.amazonses.com"]
-}
-
-resource "aws_route53_record" "spf" {
+ count = length(aws_ses_domain_dkim.getstronger.dkim_tokens)
 zone_id = aws_route53_zone.getstronger_pro.zone_id
- name = "getstronger.pro"
- type = "TXT"
+ name = "${aws_ses_domain_dkim.getstronger.dkim_tokens[count.index]}._domainkey.getstronger.pro"
+ type = "CNAME"
 ttl = 600
- records = ["v=spf1 include:amazonses.com ~all"]
+ records = ["${aws_ses_domain_dkim.getstronger.dkim_tokens[count.index]}.dkim.amazonses.com"]
 }
-
From 2e6c307f259aa34cdaa5aad1365ce8431fde405a Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:41:55 +0000
Subject: [PATCH 4/9] remove dkim
---
infrastructure/email.tf | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index 4c7d1e00..4a5557d6 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -13,12 +13,3 @@ resource "aws_route53_record" "ses_verification" {
 resource "aws_ses_domain_dkim" "getstronger" {
 domain = aws_ses_domain_identity.getstronger.domain
 }
-
-resource "aws_route53_record" "dkim" {
- count = length(aws_ses_domain_dkim.getstronger.dkim_tokens)
- zone_id = aws_route53_zone.getstronger_pro.zone_id
- name = "${aws_ses_domain_dkim.getstronger.dkim_tokens[count.index]}._domainkey.getstronger.pro"
- type = "CNAME"
- ttl = 600
- records = ["${aws_ses_domain_dkim.getstronger.dkim_tokens[count.index]}.dkim.amazonses.com"]
-}
From d992fcb41b154e3b289d782fd73409fd3065a339 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:43:30 +0000
Subject: [PATCH 5/9] dkim
---
infrastructure/email.tf | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index 4a5557d6..c497dc31 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -13,3 +13,12 @@ resource "aws_route53_record" "ses_verification" {
 resource "aws_ses_domain_dkim" "getstronger" {
 domain = aws_ses_domain_identity.getstronger.domain
 }
+
+resource "aws_route53_record" "dkim" {
+ for_each = toset(aws_ses_domain_dkim.getstronger.dkim_tokens)
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "${each.value}._domainkey.getstronger.pro"
+ type = "CNAME"
+ ttl = 600
+ records = ["${each.value}.dkim.amazonses.com"]
+}
From 1c39687dc6ab640bc7f1c38c2a0d5861930fe3c9 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:45:24 +0000
Subject: [PATCH 6/9] spf
---
infrastructure/email.tf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index c497dc31..e7e5a16d 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -22,3 +22,11 @@ resource "aws_route53_record" "dkim" {
 ttl = 600
 records = ["${each.value}.dkim.amazonses.com"]
 }
+
+resource "aws_route53_record" "spf" {
+ zone_id = aws_route53_zone.getstronger_pro.zone_id
+ name = "getstronger.pro"
+ type = "TXT"
+ ttl = 600
+ records = ["v=spf1 include:amazonses.com ~all"]
+}
From 764e73da6cc411c9284243d945dc9b9db7f8e08c Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:47:57 +0000
Subject: [PATCH 7/9] iam policy
---
infrastructure/email.tf | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index e7e5a16d..e7f9d3ca 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -30,3 +30,19 @@ resource "aws_route53_record" "spf" {
 ttl = 600
 records = ["v=spf1 include:amazonses.com ~all"]
 }
+
+resource "aws_iam_policy" "ses_send_email" {
+ name = "SES_Send_Email_GetStronger_Pro"
+ description = "Allows sending emails via SES for getstronger.pro"
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = "ses:SendEmail",
+ Resource = "*"
+ }
+ ]
+ })
+}
+
From e9569cf05fecfef098d7a4c2be5d0a27995d070c Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:49:45 +0000
Subject: [PATCH 8/9] iam user
---
infrastructure/email.tf | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/infrastructure/email.tf b/infrastructure/email.tf
index e7f9d3ca..9c8b2c74 100644
--- a/infrastructure/email.tf
+++ b/infrastructure/email.tf
@@ -46,3 +46,17 @@ resource "aws_iam_policy" "ses_send_email" {
 })
 }
 
+resource "aws_iam_user" "ses_user" {
+ name = "ses_user_getstronger_pro"
+}
+
+resource "aws_iam_user_policy_attachment" "ses_policy_attach" {
+ user = aws_iam_user.ses_user.name
+ policy_arn = aws_iam_policy.ses_send_email.arn
+}
+
+resource "aws_iam_access_key" "ses_user_key" {
+ user = aws_iam_user.ses_user.name
+}
+
+
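Review bot: No DMARC record is published anywhere in this series, so the SPF record added in `aws_route53_record.spf` (PATCH 6/9, first seen in PATCH 2/9) and the DKIM CNAMEs give receivers no policy to apply to mail that spoofs getstronger.pro and fails authentication. A `_dmarc.getstronger.pro` TXT record such as `"v=DMARC1; p=none; rua=mailto:REPORT_ADDRESS_PLACEHOLDER"`, tightened to `p=quarantine` or `p=reject` once reports look clean, would close that gap. As far as these patches show, no custom MAIL FROM domain (`aws_ses_domain_mail_from`) is configured, so SES presumably uses its own amazonses.com envelope domain and this apex record is not the one receivers evaluate for SES mail. If the apex record is kept, a comment should note that `~all` is a soft fail and that any future apex TXT value has to go into this same record set.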
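Review bot: `Resource = "*"` in `aws_iam_policy.ses_send_email` (PATCH 7/9) lets whoever holds this policy send as every verified identity in the account, although the description limits it to getstronger.pro. Scoping the statement to the identity created in this file, `Resource = aws_ses_domain_identity.getstronger.arn`, matches the stated intent. A `Condition` on `ses:FromAddress` could narrow it further to the sender address the application actually uses, which limits what a leaked key can be used for.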
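Review bot: `aws_iam_access_key.ses_user_key` (PATCH 8/9) creates a long-lived static credential whose secret is written to the Terraform state in plain text, because no `pgp_key` is set on the resource. If the application runs on AWS compute, an IAM role carrying `aws_iam_policy.ses_send_email` would avoid a static key altogether. Otherwise set `pgp_key` and consume `encrypted_secret`, or make sure the state backend is encrypted and tightly access-controlled, and plan for rotation. Where the state is stored is not visible in this patch.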
From 360ee8eda71ca76a253cbca6b81b36f3f1bf4c67 Mon Sep 17 00:00:00 2001
From: Christian Carlsson
Date: Wed, 4 Dec 2024 19:50:57 +0000
Subject: [PATCH 9/9] outputs
---
infrastructure/variables.tf | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 463e180d..027e7798 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -20,3 +20,15 @@ variable "aws_region" {
 type = string
 default = "eu-west-2"
 }
+
+output "ses_access_key" {
+ value = aws_iam_access_key.ses_user_key.id
+ description = "Access Key ID for SES user"
+ sensitive = true
+}
+
+output "ses_secret_key" {
+ value = aws_iam_access_key.ses_user_key.secret
+ description = "Secret Access Key for SES user"
+ sensitive = true
+}
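Review bot: `sensitive = true` on `ses_secret_key` only redacts the value in plan and apply output; the secret is still stored unencrypted in state and is printed by `terraform output -raw ses_secret_key` for anyone with state access. The description should say so and name the intended retrieval path, for example `description = "Secret Access Key for SES user (stored in state; copy to the secret store, do not log)"`. Outputs also conventionally live in an `outputs.tf` rather than in `variables.tf`, which makes exported credentials easier to find in review.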