/**
 * @fileoverview This Terraform file sets up an AWS Simple Email Service (SES) domain identity and related resources
 * for the service domain. It configures the SES domain identity, the custom MAIL FROM domain, and the Route53 records
 * for domain verification, DKIM, and SPF (for both the MAIL FROM domain and the service domain).
 *
 * The main components of this file are:
 * 1. AWS SES Domain Identity: Creates an SES domain identity for the specified service domain.
 * 2. AWS SES Domain Mail From: Configures the MAIL FROM domain for the SES domain identity.
 * 3. AWS Route53 TXT Record: Sets up the Amazon SES domain verification record in Route53.
 * 4. AWS SES Domain DKIM: Generates DKIM tokens for the SES domain identity.
 * 5. AWS Route53 CNAME Records: Configures the Route53 records for the SES domain DKIM tokens.
 * 6. AWS Route53 TXT Records: Sets up SPF records for the MAIL FROM domain and the service domain in Route53.
 * 7. AWS SES Email Identity: Registers the owner's e-mail address as an SES identity.
 */
# SES identity for the service domain. The verification_token it exports is
# published in the _amazonses TXT record declared in this file; SES treats the
# domain as unverified until that record is visible in DNS.
resource "aws_ses_domain_identity" "ses_domain" {
  domain = local.config.SERVICE_DOMAIN
}
# Custom MAIL FROM (envelope sender) subdomain for the SES identity, so that
# SPF is evaluated against mail.<SERVICE_DOMAIN> instead of the SES default.
# NOTE(review): SES also expects an MX record on this subdomain before it will
# use it; this file defines only the SPF TXT record for it - confirm the MX
# record is created elsewhere. behavior_on_mx_failure is left at the provider
# default here.
resource "aws_ses_domain_mail_from" "main" {
  mail_from_domain = "mail.${local.config.SERVICE_DOMAIN}"
  domain           = aws_ses_domain_identity.ses_domain.domain
}
# Publishes the SES domain-verification token as a TXT record in the service
# zone. The token itself is not a secret, but write access to this zone is
# what proves domain ownership to SES, so that access should stay restricted.
resource "aws_route53_record" "amazonses_verification_record" {
  name    = "_amazonses.${local.config.SERVICE_DOMAIN}"
  type    = "TXT"
  zone_id = aws_route53_zone.service-zone.zone_id
  ttl     = "600"

  # The identity is a single resource (no count), so the token is referenced
  # directly; this is the same one-element list the splat/join form produced.
  records = [aws_ses_domain_identity.ses_domain.verification_token]
}
# Requests DKIM tokens for the SES domain identity. The tokens are exported as
# dkim_tokens and published as CNAME records by amazonses_dkim_record.
resource "aws_ses_domain_dkim" "ses_domain_dkim" {
  # Direct reference: the identity has no count, so the former splat/join
  # expression resolved to this same single domain string.
  domain = aws_ses_domain_identity.ses_domain.domain
}
# One CNAME per DKIM token, each pointing <token>._domainkey.<SERVICE_DOMAIN>
# at <token>.dkim.amazonses.com so that receivers can fetch the signing keys.
resource "aws_route53_record" "amazonses_dkim_record" {
  # Fixed at 3: the token list is only known after apply, so count cannot be
  # derived from its length. Assumes SES returns three tokens - TODO confirm
  # if the DKIM configuration ever changes.
  count = 3

  zone_id = aws_route53_zone.service-zone.zone_id
  type    = "CNAME"
  ttl     = "600"
  name    = "${aws_ses_domain_dkim.ses_domain_dkim.dkim_tokens[count.index]}._domainkey.${local.config.SERVICE_DOMAIN}"
  records = ["${aws_ses_domain_dkim.ses_domain_dkim.dkim_tokens[count.index]}.dkim.amazonses.com"]
}
# SPF policy for the custom MAIL FROM subdomain: only hosts authorised by
# amazonses.com may use it as envelope sender; "-all" hard-fails every other
# source.
resource "aws_route53_record" "spf_mail_from" {
  name    = aws_ses_domain_mail_from.main.mail_from_domain
  type    = "TXT"
  zone_id = aws_route53_zone.service-zone.zone_id
  ttl     = "600"
  records = ["v=spf1 include:amazonses.com -all"]
}
# SPF policy for the service domain itself, identical to the MAIL FROM policy:
# SES only, hard fail ("-all") for everything else.
# This resource owns the whole TXT record set at this name. Any further TXT
# value needed there (another sender, a site-verification string) has to be
# added to this list, and additional senders must be merged into this single
# SPF string, since a name may carry only one SPF record.
# NOTE(review): no _dmarc record is defined in this file - confirm a DMARC
# policy is published elsewhere.
resource "aws_route53_record" "spf_domain" {
  name    = local.config.SERVICE_DOMAIN
  type    = "TXT"
  zone_id = aws_route53_zone.service-zone.zone_id
  ttl     = "600"
  records = ["v=spf1 include:amazonses.com -all"]
}
# Registers the owner's address as an individual SES identity. SES mails a
# confirmation link to this address, and the identity stays unverified until
# that link is followed.
# NOTE(review): presumably needed so the owner can receive mail while the
# account is in the SES sandbox - confirm.
resource "aws_ses_email_identity" "owner_email" {
  email = var.owner_email
}