Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/trussworks/terraform-aws-ses-domain

Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
https://github.com/trussworks/terraform-aws-ses-domain

aws aws-ses ses terraform terraform-modules

Last synced: about 4 hours ago
JSON representation

Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).

Awesome Lists containing this project

README 

        
Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).



## Prerequisites



- Ensure [terraform](https://www.terraform.io/intro/getting-started/install.html) is installed

- Ensure domain is registered in [route53](https://aws.amazon.com/route53/)

- Ensure an s3 bucket exists and SES has write permissions to it

- If you have an existing rule set you can skip creating the dependent resource

- Route53 zone id can be obtained by looking up the domain in route53 service



## Getting Started



1. Import the module called `ses_domain` and update its source property to `trussworks/ses-domain/aws` and run `terrafrom init`

2. The next step is to configure the module with [minimum values](#usage) for SES to start working

3. Once fully configured run `terraform plan` to see the execution plan and `terrafrom apply` to stand up SES



Creates the following resources:



- MX record pointing to AWS's SMTP endpoint

- TXT record for SPF validation

- Custom MAIL FROM domain

- CNAME records for DKIM verification

- SES Verfication for the domain



### NOTES



- SES is only available in a [limited number of AWS Regions](https://docs.aws.amazon.com/general/latest/gr/ses.html).

- SES out of the box locks the service in development mode; please see this documentation on how to make it production ready. Until the service is in production mode you can only send emails to confirmed email accounts denoted in `from_addresses`



## Usage



See [examples](examples/) for functional examples on how to use this module.



```hcl

module "ses_domain" {

  source             = "trussworks/ses-domain/aws"

  domain_name        = "example.com"

  mail_from_domain   = "email.example.com"

  route53_zone_id    = data.aws_route53_zone.ses_domain.zone_id

  from_addresses     = ["[email protected]", "[email protected]"]

  dmarc_rua          = "[email protected]"

  receive_s3_bucket  = "S3_bucket_with_write_permissions"

  receive_s3_prefix  = "path_to_store_received_emails"

  ses_rule_set       = "name-of-the-ruleset"

}



resource "aws_ses_receipt_rule_set" "name-of-the-ruleset" {

  rule_set_name = "name-of-the-ruleset"

}



data "aws_route53_zone" "ses_domain" {

  name = "example.com"

}

```



## Requirements



| Name | Version |

|------|---------|

| terraform | >= 1.0 |

| aws | >= 3.0 |



## Providers



| Name | Version |

|------|---------|

| aws | >= 3.0 |



## Modules



No modules.



## Resources



| Name | Type |

|------|------|

| [aws_route53_record.dkim](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

| [aws_route53_record.mx_receive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

| [aws_route53_record.mx_send_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

| [aws_route53_record.spf_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

| [aws_route53_record.txt_dmarc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |

| [aws_ses_receipt_rule.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_receipt_rule) | resource |

| [aws_sesv2_email_identity.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity) | resource |

| [aws_sesv2_email_identity_mail_from_attributes.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity_mail_from_attributes) | resource |

| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

| dmarc\_p | DMARC Policy for organizational domains (none, quarantine, reject). | `string` | `"none"` | no |

| dmarc\_rua | DMARC Reporting URI of aggregate reports, expects an email address. | `string` | n/a | yes |

| domain\_name | The domain name to configure SES. | `string` | n/a | yes |

| enable\_dmarc | Control whether to create DMARC TXT record. | `bool` | `true` | no |

| enable\_incoming\_email | Control whether or not to handle incoming emails. | `bool` | `true` | no |

| enable\_spf\_record | Control whether or not to set SPF records. | `bool` | `true` | no |

| from\_addresses | List of email addresses to catch bounces and rejections. | `list(string)` | `null` | no |

| mail\_from\_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | `string` | n/a | yes |

| receive\_s3\_bucket | Name of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |

| receive\_s3\_kms\_key\_arn | The ARN of the KMS key for S3 objects of received emails (effective if enable\_incoming\_email is true). | `string` | `null` | no |

| receive\_s3\_prefix | The key prefix of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |

| route53\_zone\_id | Route53 host zone ID to enable SES. | `string` | n/a | yes |

| ses\_rule\_set | Name of the SES rule set to associate rules with. | `string` | n/a | yes |



## Outputs



| Name | Description |

|------|-------------|

| ses\_identity\_arn | SES identity ARN. |



## Developer Setup



Install dependencies (macOS)



```shell

brew install pre-commit go terraform terraform-docs

```