clouddrove / terraform-aws-ses Goto Github PK

View Code? Open in Web Editor NEW

22.0 5.0 23.0 71 KB

Terraform module to create an SES Identity with SES IAM user on AWS.

Home Page: https://www.terraform.io/docs/providers/aws/r/ses_domain_identity.html

License: Apache License 2.0

HCL 99.28% Makefile 0.72%

terraform-module aws ses clouddrove cloud email notification hcl haktoberfest

terraform-aws-ses's Introduction

Terraform AWS SES

With our comprehensive DevOps toolkit - streamline operations, automate workflows, enhance collaboration and, most importantly, deploy with confidence.

We are a group of DevOps engineers & architects, joining hands in this ever evolving digital landscape. With our strong belief in Automation; just like microservices, always on the lookout to split the the infrastructure into smaller connected resources (database, cluster and more) which could be standardized, are manageable, scalable, secure & follow industry best practices.

This module includes Terraform open source, examples, and automation tests (for better understanding), which would help you create and improve your infrastructure with minimalistic coding.

Prerequisites and Providers

This table contains both Prerequisites and Providers:

Description	Name	Version
Prerequisite	Terraform	>= 1.6.5
Provider	aws	>= 5.30.0

Examples

IMPORTANT: Since the master branch used in source varies based on new modifications, we recommend using the release versions.

📌 For additional usage examples, check the complete list under examples/ directory.

Inputs and Outputs

Refer to complete documentation: here

Module Dependencies

This module has dependencies on:

Labels Module: Provides resource tagging.

📑 Changelog

Refer here.

✨ Contributors

Big thanks to our contributors for elevating our project with their dedication and expertise! But, we do not wish to stop there, would like to invite contributions from the community in improving these projects and making them more versatile for better reach. Remember, every bit of contribution is immensely valuable, as, together, we are moving in only 1 direction, i.e. forward.

If you're considering contributing to our project, here are a few quick guidelines that we have been following (Got a suggestion? We are all ears!):

Fork the Repository: Create a new branch for your feature or bug fix.
Coding Standards: You know the drill.
Clear Commit Messages: Write clear and concise commit messages to facilitate understanding.
Thorough Testing: Test your changes thoroughly before submitting a pull request.
Documentation Updates: Include relevant documentation updates if your changes impact it.

Feedback

Spot a bug or have thoughts to share with us? Let's squash it together! Log it in our issue tracker, feel free to drop us an email at [email protected].

Show some love with a ★ on our GitHub! if our work has brightened your day! – your feedback fuels our journey!

🚀 Our Accomplishment

We have 100+ Terraform modules 🙌. You could consider them finished, but, with enthusiasts like yourself, we are able to ever improve them, so we call our status - improvement in progress.

Terraform Module Registry: Discover our Terraform modules here.
Terraform Modules for AWS/Azure Modules: Explore our comprehensive Table of Contents for easy navigation through our documentation for modules pertaining to AWS, Azure & GCP.
Terraform Modules for Digital Ocean: Check out our specialized Terraform modules for Digital Ocean.

Join Our Slack Community

Join our vibrant open-source slack community and embark on an ever-evolving journey with CloudDrove; helping you in moving upwards in your career path. Join our vibrant Open Source Slack Community and embark on a learning journey with CloudDrove. Grow with us in the world of DevOps and set your career on a path of consistency.

🌐💬What you'll get after joining this Slack community:

🚀 Encouragement to upgrade your best version.
🌈 Learning companionship with our DevOps squad.
🌱 Relentless growth with daily updates on new advancements in technologies.

Join our tech elites Join Now 🚀

Explore Our Blogs

Click here 📚 🌟

Tap into our capabilities

We provide a platform for organizations to engage with experienced top-tier DevOps & Cloud services. Tap into our pool of certified engineers and architects to elevate your DevOps and Cloud Solutions.

At CloudDrove, has extensive experience in designing, building & migrating environments, securing, consulting, monitoring, optimizing, automating, and maintaining complex and large modern systems. With remarkable client footprints in American & European corridors, our certified architects & engineers are ready to serve you as per your requirements & schedule. Write to us at [email protected].

We are The Cloud Experts!

We ❤️ Open Source and you can check out our other modules to get help with your new Cloud ideas.

terraform-aws-ses's People

Contributors

Stargazers

Watchers

terraform-aws-ses's Issues

IAM user credentials

Please add the IAM user access key ID and secret key to outputs or make it possible to put them somewhere, for example, into the parameter store.

output "iam_access_key_secret" {
  description = "The access key secret"
  value       = try(aws_iam_access_key.default[0].secret, "")
  sensitive   = true
}
output "iam_access_key_id" {
  description = "The access key ID"
  value       = try(aws_iam_access_key.default[0].id, "")
}

module "ssm_keys" {
  source  = "zahornyak/multiple-ssm-parameters/aws"
  version = "0.0.13"

  parameter_prefix = "/${var.iam_name}/"

  parameters = {
    ses_user_access_key = {
      value = aws_iam_access_key.default[0].id
    }
    ses_user_secret_key = {
      value = aws_iam_access_key.default[0].secret
    }
  }
}

No outputs for v1.3.2

Hey there! I've been struggling while using this module when I realized the 1.3.2 release (latest) has commented outputs. Different from what's currently on master. Are you planning a a new release soon?

https://github.com/clouddrove/terraform-aws-ses/blob/1.3.2/outputs.tf

Redundant Verification Resources

AWS has the following announcement on their SES dashboards:

Domain verification in Amazon SES is now based on DomainKeys Identified Mail (DKIM), an email authentication standard that receiving mail servers use to validate an email’s authenticity. Configuring DKIM in your domain’s DNS settings confirms to SES that you’re the identity owner, eliminating the need for TXT records. Domain identities that were verified using TXT records do not need to be reverified; however, we still recommend enabling DKIM signatures to enhance the deliverability of your mail with DKIM-compliant email providers. To access your legacy TXT records, download Legacy TXT record set as .csv <>.

Based on this it is possible to delete the following resources:

resource "aws_ses_domain_identity_verification" "default"
resource "aws_route53_record" "ses_verification"

I have tested this with my own domains to confirm that they remain verified even with these resources removed.

aws_ses_domain_identity.default is tuple with 1 element

Hello,

Trying to enable mail from domain to use mail.example.com

Example

module "example_ses" {
  source  = "registry.terraform.io/clouddrove/ses/aws"
  version = "1.0.1"

  enable_domain = true
  domain        = "example.com"

  enable_mail_from = true
  mail_from_domain = "mail.example.com"

  enable_verification = true
  enable_mx           = true
  enable_spf_domain   = true

  cname_type = "CNAME"
  mx_type    = "MX"
  txt_type   = "TXT"
  zone_id    = data.aws_route53_zone.selected.id
}

## SES Policy
data "aws_iam_policy_document" "example_ses_policy" {
  statement {
    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
    resources = [module.example_ses.domain_identity_arn]

    principals {
      type = "AWS"
      identifiers = [
        data.terraform_remote_state.dev_account.outputs.account_id,
        data.terraform_remote_state.stg_account.outputs.account_id
      ]
    }
  }
}

resource "aws_ses_identity_policy" "example_ses_identity_policy" {
  identity = module.example_ses.domain_identity_arn
  name     = "allow-account-id"
  policy   = data.aws_iam_policy_document.example_ses_policy.json
}

Error:

│ Error: Incorrect attribute value type
│ 
│   on .terraform/modules/example_ses/main.tf line 66, in resource "aws_ses_domain_mail_from" "default":
│   66:   domain           = aws_ses_domain_identity.default.*.domain
│     ├────────────────
│     │ aws_ses_domain_identity.default is tuple with 1 element
│ 
│ Inappropriate value for attribute "domain": string required.

I am sure not a bug and doing something wrong here.
Thanks

No release for fix 'aws_ses_domain_identity.default is tuple with 1 element'

The module was patched, but a release was never created, so the prior issue should not have been closed.

Issue with Route53

I'm always getting this issue:

│ Error: creating Route 53 Record: InvalidChangeBatch: [Tried to create resource record set [name='mydomain.dev.', type='TXT'] but it already exists]
│       status code: 400, request id: xx-xx-xx-xx-xxxx
│ 
│   with module.mydomain_dev_ses.aws_route53_record.ses_verification[0],
│   on ../modules/aws-ses/main.tf line 49, in resource "aws_route53_record" "ses_verification":
│   49: resource "aws_route53_record" "ses_verification" {
│

The resource doesn't exist. It's probably not iterated right.

Has anyone run into this? I'm still figuring out how to solve it.

Edit: hashicorp/terraform-provider-aws#12322 It's a known issue with the plugin.

Disable the policy created by the module

Hello,

Is there a way to disable the policy creation ?

So we can apply a custom policy.

Thanks a lot

Add the ability to send a list of arns for the default domain policy

looking for a simple fix to allow the IaC to send a list of arns for the default policy, i had a branch with the change but unable to push to the repo.

here is the change i did locally

data "aws_iam_policy_document" "document" {
  count = var.enabled && var.enable_domain ? 1 : 0
  statement {
    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
    resources = [aws_ses_domain_identity.default[0].arn]
    principals {
      identifiers = var.domain_policy_arns
      type        = "AWS"
    }
  }
}

and the new variable that defaults to the original value

variable "domain_policy_arns" {
  type        = list(string)
  default     = ["*"]
  description = "(Optional) A list of AWS arns allowed to send email through SES."
}