more email infra
parent
bd8a817484
commit
d15f0d430f
2 changed files with 48 additions and 0 deletions
|
@ -82,6 +82,33 @@ resource "aws_s3_bucket_public_access_block" "email_storage" {
|
||||||
restrict_public_buckets = true
|
restrict_public_buckets = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# S3 bucket policy to allow SES to write emails
|
||||||
|
resource "aws_s3_bucket_policy" "email_storage" {
|
||||||
|
bucket = aws_s3_bucket.email_storage.id
|
||||||
|
|
||||||
|
policy = jsonencode({
|
||||||
|
Version = "2012-10-17"
|
||||||
|
Statement = [
|
||||||
|
{
|
||||||
|
Sid = "AllowSESToWriteEmails"
|
||||||
|
Effect = "Allow"
|
||||||
|
Principal = {
|
||||||
|
Service = "ses.amazonaws.com"
|
||||||
|
}
|
||||||
|
Action = [
|
||||||
|
"s3:PutObject"
|
||||||
|
]
|
||||||
|
Resource = "${aws_s3_bucket.email_storage.arn}/*"
|
||||||
|
Condition = {
|
||||||
|
StringEquals = {
|
||||||
|
"aws:Referer" = var.aws_account_id
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
# SES Domain identity for 127local.net
|
# SES Domain identity for 127local.net
|
||||||
resource "aws_ses_domain_identity" "calculator" {
|
resource "aws_ses_domain_identity" "calculator" {
|
||||||
domain = var.domain_name
|
domain = var.domain_name
|
||||||
|
@ -102,6 +129,15 @@ resource "aws_route53_record" "ses_dkim" {
|
||||||
records = ["${element(aws_ses_domain_dkim.calculator.dkim_tokens, count.index)}.dkim.amazonses.com"]
|
records = ["${element(aws_ses_domain_dkim.calculator.dkim_tokens, count.index)}.dkim.amazonses.com"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# MX record for email receiving
|
||||||
|
resource "aws_route53_record" "ses_mx" {
|
||||||
|
zone_id = var.route53_zone_id
|
||||||
|
name = var.domain_name
|
||||||
|
type = "MX"
|
||||||
|
ttl = "300"
|
||||||
|
records = ["10 inbound-smtp.us-west-2.amazonaws.com"]
|
||||||
|
}
|
||||||
|
|
||||||
# SES Email receiving rule set
|
# SES Email receiving rule set
|
||||||
resource "aws_ses_receipt_rule_set" "calculator" {
|
resource "aws_ses_receipt_rule_set" "calculator" {
|
||||||
rule_set_name = "calculator-main-rule-set"
|
rule_set_name = "calculator-main-rule-set"
|
||||||
|
@ -210,6 +246,13 @@ resource "aws_iam_role_policy" "lambda_policy" {
|
||||||
]
|
]
|
||||||
Resource = "${aws_s3_bucket.email_storage.arn}/*"
|
Resource = "${aws_s3_bucket.email_storage.arn}/*"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Effect = "Allow"
|
||||||
|
Action = [
|
||||||
|
"s3:ListBucket"
|
||||||
|
]
|
||||||
|
Resource = aws_s3_bucket.email_storage.arn
|
||||||
|
},
|
||||||
{
|
{
|
||||||
Effect = "Allow"
|
Effect = "Allow"
|
||||||
Action = [
|
Action = [
|
||||||
|
|
|
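Review bot: The `AllowSESToWriteEmails` statement in the new `aws_s3_bucket_policy.email_storage` restricts the SES service principal with `"aws:Referer" = var.aws_account_id`, which is a request-header condition key rather than one bound to the calling resource. The confused-deputy keys fit better here: use `"aws:SourceAccount" = var.aws_account_id` under `StringEquals`, and, if the receipt rule's ARN can be referenced, add `"aws:SourceArn"` for that rule so only this account's rule can write into the bucket. Separately, the new `ses_mx` record hardcodes `us-west-2` in `inbound-smtp.us-west-2.amazonaws.com`; the provider region is not visible on this page, so confirm that it matches the region of the receipt rule set.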
@ -18,3 +18,8 @@ variable "route53_zone_id" {
|
||||||
description = "Route53 hosted zone ID for the domain"
|
description = "Route53 hosted zone ID for the domain"
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "aws_account_id" {
|
||||||
|
description = "AWS Account ID for SES S3 bucket policy"
|
||||||
|
type = string
|
||||||
|
}
|
||||||
|
|
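Review bot: The new `aws_account_id` variable accepts any string, while the bucket policy condition that consumes it only works with the exact 12-digit account ID. A mistyped value would presumably make SES writes fail with access-denied errors at delivery time rather than at plan time. Add a `validation` block with `condition = can(regex("^[0-9]{12}$", var.aws_account_id))`, or drop the variable and read the ID from `data.aws_caller_identity.current.account_id` so that it cannot drift from the deploying account.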