mooyoul / aws-cdk-ses-domain-identity Goto Github PK

Hi,

I think the DnsValidatedDomainIdentity class is missing a property for getting the ARN of the created resource, e.g. something like the following:

const sesDomain = new DnsValidatedDomainIdentity(this, `example-domain`, {...});
sesDomain.dnsValidatedDomainIdentityArn #=> arn:aws:ses:eu-central-1:0000000000000:identity/example.com

I like to use this ARN within an iam.PolicyStatement as a resource to limit the action ses:SendRawEmail to only the domain I just created.

It can be created manually as only the domain needs to be added, however it would be easier to have this automatism.

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (@prescott)

So I've got a bit of weird use case where we split inbound/outbound email domains and as such I already have a defined TXT record that should only be appended with the SES supplied value as opposed to being created completely fresh. For now I'm stuck doing this manually due to time constraints but if I get some free time I'll see about extending this for that scenario. Very needed project, can't wait to see this functionality more fleshed out in time.

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

• chore(deps): lock file maintenance

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

CDK v2 is the current stable version and requires some minor changes (making use of the new 'constructs' package in particular).

https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html

For some reason when using this construct I found myself with my stack in a UPDATE_ROLLBACK_FAILED state with the DomainIdentityIdentityRequestorResource3CDC595E having a status of UPDATE_FAILED with message

Received response status [FAILED] from custom resource. 
Message returned: 
Invalid request: Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found none in Change with [Action=DELETE, Name=[random-name].[domain], Type=CNAME, SetIdentifier=null] (RequestId: d6163589-02ac-4729-9d97-895553e364c6)

It looks like maybe the API call has changed and Record.action needs to be updated?

Hey there,

after waiting for the DKIM verification for quite some time, the Lambdas times out.
After that, CloudFormation tries calling the Lambda again, the Lambda tries settings entries it has already set and fails.

I'm not quite sure how to best approach this (changing the logic of the DKIM Verification, or updating the Lambda to respect entries created in the previous run), however if you've decided on how you'd fix this, I'm happy to open a Pull Request.

As you are probably aware, AWS SDK v2 is not included in the latest Node runtimes. From what I see, the lambda code is still using the v2 version instead of v3, and the custom resource fails to run with the following error:

{
    "errorType": "Runtime.ImportModuleError",
    "errorMessage": "Error: Cannot find module 'aws-sdk/clients/route53'\nRequire stack:\n- /var/task/verifier.js\n- /var/task/handlers/create.js\n- /var/task/handlers/index.js\n- /var/task/index.js\n- /var/runtime/index.mjs",
    "stack": [
        "Runtime.ImportModuleError: Error: Cannot find module 'aws-sdk/clients/route53'",
        "Require stack:",
        "- /var/task/verifier.js",
        "- /var/task/handlers/create.js",
        "- /var/task/handlers/index.js",
        "- /var/task/index.js",
        "- /var/runtime/index.mjs",
        "    at _loadUserApp (file:///var/runtime/index.mjs:1087:17)",
        "    at async UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1119:21)",
        "    at async start (file:///var/runtime/index.mjs:1282:23)",
        "    at async file:///var/runtime/index.mjs:1288:1"
    ]
}

As there currently is no way to deploy the construct in the current state, I think a short-term fix would be to provide a 2.1.1 release with Node 16 runtime (as it's still supported until June). A longer-term and simple option would be to bundle the v2 SDK. Finally, the harder option would be a complete upgrade.

I'll see if I can get a PR started for the upgrade.

I am validating the same domain (my.domain.com) in multiple regions. However, each region tries to create a TXT record for _amazonses.my.domain.com. The first stack completes successfully, then the second stack (in another region) fails with the following message:

Received response status [FAILED] from custom resource. Message returned: [Tried to create resource record set [name='_amazonses.my.domain.com.', type='TXT'] but it already exists]

AWS docs say to create a multi-value TXT record (here).

I would be happy to submit a PR to handle the situation when a TXT record already exists, adding another value to the record. Let me know if this would be alright.

When deleting the stack, the construct needs to delete its records

The specified hosted zone contains non-required resource record sets and so cannot be deleted. (Service: Route53, Status Code: 400, Request ID: bcd48189-1ac3-4ea3-8976-a264ff567e44, Extended Request ID: null)

Node14 has reached EOL and AWS lambda will stop supporting this runtime on Feb 8, 2024

See: https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy

After this date, lambda functions using NodeJS 14 cannot be created, and shortly after that, functions cannot be updated. We need to bump the version used in this package to NodeJS 18