Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/trussworks/terraform-aws-ses-domain
Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
https://github.com/trussworks/terraform-aws-ses-domain
aws aws-ses ses terraform terraform-modules
Last synced: 4 months ago
JSON representation
Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
- Host: GitHub
- URL: https://github.com/trussworks/terraform-aws-ses-domain
- Owner: trussworks
- License: bsd-3-clause
- Created: 2018-09-24T20:50:37.000Z (over 6 years ago)
- Default Branch: main
- Last Pushed: 2023-06-08T19:34:33.000Z (over 1 year ago)
- Last Synced: 2024-09-27T19:20:39.749Z (4 months ago)
- Topics: aws, aws-ses, ses, terraform, terraform-modules
- Language: HCL
- Homepage: https://registry.terraform.io/modules/trussworks/ses-domain
- Size: 341 KB
- Stars: 60
- Watchers: 5
- Forks: 44
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
## Prerequisites
- Ensure [terraform](https://www.terraform.io/intro/getting-started/install.html) is installed
- Ensure domain is registered in [route53](https://aws.amazon.com/route53/)
- Ensure an s3 bucket exists and SES has write permissions to it
- If you have an existing rule set you can skip creating the dependent resource
- Route53 zone id can be obtained by looking up the domain in route53 service## Getting Started
1. Import the module called `ses_domain` and update its source property to `trussworks/ses-domain/aws` and run `terrafrom init`
2. The next step is to configure the module with [minimum values](#usage) for SES to start working
3. Once fully configured run `terraform plan` to see the execution plan and `terrafrom apply` to stand up SESCreates the following resources:
- MX record pointing to AWS's SMTP endpoint
- TXT record for SPF validation
- Custom MAIL FROM domain
- CNAME records for DKIM verification
- SES Verfication for the domain### NOTES
- SES is only available in a [limited number of AWS Regions](https://docs.aws.amazon.com/general/latest/gr/ses.html).
- SES out of the box locks the service in development mode; please see this documentation on how to make it production ready. Until the service is in production mode you can only send emails to confirmed email accounts denoted in `from_addresses`## Usage
See [examples](examples/) for functional examples on how to use this module.
```hcl
module "ses_domain" {
source = "trussworks/ses-domain/aws"
domain_name = "example.com"
mail_from_domain = "email.example.com"
route53_zone_id = data.aws_route53_zone.ses_domain.zone_id
from_addresses = ["[email protected]", "[email protected]"]
dmarc_rua = "[email protected]"
receive_s3_bucket = "S3_bucket_with_write_permissions"
receive_s3_prefix = "path_to_store_received_emails"
ses_rule_set = "name-of-the-ruleset"
}resource "aws_ses_receipt_rule_set" "name-of-the-ruleset" {
rule_set_name = "name-of-the-ruleset"
}data "aws_route53_zone" "ses_domain" {
name = "example.com"
}
```## Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 3.0 |## Providers
| Name | Version |
|------|---------|
| aws | >= 3.0 |## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_route53_record.dkim](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.mx_receive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.mx_send_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.spf_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_route53_record.txt_dmarc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_ses_receipt_rule.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_receipt_rule) | resource |
| [aws_sesv2_email_identity.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity) | resource |
| [aws_sesv2_email_identity_mail_from_attributes.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity_mail_from_attributes) | resource |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| dmarc\_p | DMARC Policy for organizational domains (none, quarantine, reject). | `string` | `"none"` | no |
| dmarc\_rua | DMARC Reporting URI of aggregate reports, expects an email address. | `string` | n/a | yes |
| domain\_name | The domain name to configure SES. | `string` | n/a | yes |
| enable\_dmarc | Control whether to create DMARC TXT record. | `bool` | `true` | no |
| enable\_incoming\_email | Control whether or not to handle incoming emails. | `bool` | `true` | no |
| enable\_spf\_record | Control whether or not to set SPF records. | `bool` | `true` | no |
| from\_addresses | List of email addresses to catch bounces and rejections. | `list(string)` | `null` | no |
| mail\_from\_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | `string` | n/a | yes |
| receive\_s3\_bucket | Name of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
| receive\_s3\_kms\_key\_arn | The ARN of the KMS key for S3 objects of received emails (effective if enable\_incoming\_email is true). | `string` | `null` | no |
| receive\_s3\_prefix | The key prefix of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
| route53\_zone\_id | Route53 host zone ID to enable SES. | `string` | n/a | yes |
| ses\_rule\_set | Name of the SES rule set to associate rules with. | `string` | n/a | yes |## Outputs
| Name | Description |
|------|-------------|
| ses\_identity\_arn | SES identity ARN. |## Developer Setup
Install dependencies (macOS)
```shell
brew install pre-commit go terraform terraform-docs
```