[TEC-84] Terraform Configuration for Amazon SES

environments/dev/ses/main.tf

@@ -0,0 +1,24 @@
+provider "aws" {
+  region = var.region
+}
+
+module "ses" {
+  source            = "../../modules/ses"
+  region            = var.region
+  domain_name       = var.domain_name
+  dkim_record_count = var.dkim_record_count
+  zone_id           = var.zone_id
+  dkim_record_type  = var.dkim_record_type
+  dkim_ttl          = var.dkim_ttl
+  custom_mail       = var.custom_mail
+  spf_mx_record     = var.spf_mx_record
+  spf_txt_record    = var.spf_txt_record
+  spf_ttl           = var.spf_ttl
+  name              = var.name
+  environment       = var.environment
+  owner             = var.owner
+  cost_center       = var.cost_center
+  application       = var.application
+}
+
+

environments/dev/ses/output.tf

@@ -0,0 +1,45 @@
+output "domain_identity_token" {
+  description = "Domain identity tokens"
+  value       = module.ses.domain_identity_token
+}
+
+output "domain_verification" {
+  description = "Verification status of the domain identity"
+  value       = module.ses.domain_verification
+}
+
+output "dkim_tokens" {
+  description = "DKIM tokens for domain identity"
+  value       = module.ses.dkim_tokens
+}
+
+output "domain_mail" {
+  description = "Email address associated with the domain identity"
+  value       = module.ses.domain_mail
+}
+
+output "route53_dkim_fqdn" {
+  description = "FQDN for the Route 53 DKIM DNS record"
+  value       = module.ses.route53_dkim_fqdn
+}
+
+output "route53_spf_mx_fqdn" {
+  description = "FQDN for the Route 53 SPF MX DNS record"
+  value       = module.ses.route53_spf_mx_fqdn
+}
+
+output "route53_spf_txt_fqdn" {
+  description = "FQDN for the Route 53 SPF TXT DNS record"
+  value       = module.ses.route53_spf_txt_fqdn
+}
+
+output "iam_user_name" {
+  description = "IAM user name associated with SES"
+  value       = module.ses.iam_user_name
+}
+
+output "iam_user_policy" {
+  description = "IAM policy associated with the IAM user"
+  value       = module.ses.iam_user_policy
+}
+

environments/dev/ses/variables.tf

@@ -0,0 +1,80 @@
+variable "region" {
+  type        = string
+  description = "Region of the EC2 instance"
+}
+
+variable "domain_name" {
+  type        = string
+  description = "Name of the domain"
+}
+
+variable "dkim_record_count" {
+  type        = number
+  description = "Number of DKIM records to create"
+}
+
+variable "zone_id" {
+  type        = string
+  description = "ID of the DNS zone where records will be added"
+}
+
+variable "dkim_record_type" {
+  type        = string
+  description = "Type of DKIM records to create"
+}
+
+variable "dkim_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for DKIM records"
+}
+
+variable "custom_mail" {
+  type        = string
+  description = "Custom email address to associate with the domain"
+}
+
+variable "spf_mx_record" {
+  type        = string
+  description = "SPF MX record value for domain"
+}
+
+variable "spf_txt_record" {
+  type        = string
+  description = "SPF TXT record value for domain"
+}
+
+variable "spf_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for SPF records"
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Tags to associate with the resources"
+}
+
+variable "name" {
+  type        = string
+  description = "Name of the resource"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment where the resource is deployed"
+}
+
+variable "owner" {
+  type        = string
+  description = "Owner of the resource"
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Cost center responsible for the resource"
+}
+
+variable "application" {
+  type        = string
+  description = "Application to which the resource belongs"
+}

modules/ses/main.tf

@@ -0,0 +1,93 @@
+#Domain Identity
+resource "aws_ses_domain_identity" "domain_identity" {
+  domain = var.domain_name
+}
+
+#Domain Identity Verification
+resource "aws_ses_domain_identity_verification" "domain_verification" {
+  domain = aws_ses_domain_identity.domain_identity.domain
+}
+
+#DKIM Authentication
+resource "aws_ses_domain_dkim" "dkim_authentication" {
+  domain = aws_ses_domain_identity.domain_identity.domain
+}
+
+resource "aws_route53_record" "dkim_record" {
+  count   = var.dkim_record_count
+  zone_id = var.zone_id
+  name    = "${aws_ses_domain_dkim.dkim_authentication.dkim_tokens[count.index]}._domainkey"
+  type    = var.dkim_record_type
+  ttl     = var.dkim_ttl
+  records = ["${aws_ses_domain_dkim.dkim_authentication.dkim_tokens[count.index]}.dkim.amazonses.com"]
+}
+
+#DOMAIN MAIL FROM
+resource "aws_ses_domain_mail_from" "domain_mail" {
+  domain           = aws_ses_domain_identity.domain_identity.domain
+  mail_from_domain = "${var.custom_mail}.${aws_ses_domain_identity.domain_identity.domain}"
+}
+
+#SPF Authentication
+data "aws_region" "current_region" {}
+
+resource "aws_route53_record" "ses_domain_mail_from_mx" {
+  zone_id = var.zone_id
+  name    = aws_ses_domain_mail_from.domain_mail.mail_from_domain
+  type    = var.spf_mx_record
+  ttl     = var.spf_ttl
+  records = [format("10 feedback-smtp.%s.amazonses.com", data.aws_region.current_region.name)]
+}
+
+resource "aws_route53_record" "ses_domain_mail_from_txt" {
+  zone_id = var.zone_id
+  name    = aws_ses_domain_mail_from.domain_mail.mail_from_domain
+  type    = var.spf_txt_record
+  ttl     = var.spf_ttl
+  records = ["v=spf1 include:amazonses.com ~all"]
+}
+
+#SMTP Credentials
+resource "aws_iam_user" "iam_user" {
+  name = "${var.application}-SMTP-user"
+
+  tags = merge(
+    {
+      Name        = var.name
+      Environment = var.environment
+      Owner       = var.owner
+      CostCenter  = var.cost_center
+      Application = var.application
+    },
+    var.tags
+  )
+}
+
+resource "aws_iam_access_key" "access_key" {
+  user = aws_iam_user.iam_user.name
+}
+
+data "aws_iam_policy_document" "ses_iam_policy" {
+  statement {
+    actions   = ["ses:SendRawEmail"]
+    resources = ["*"]
+  }
+}
+
+resource "aws_iam_user_policy" "ses_user_policy" {
+  name   = "ses-user-policy"
+  user   = aws_iam_user.iam_user.name
+  policy = data.aws_iam_policy_document.ses_iam_policy.json
+
+}
+
+
+
+
+
+
+
+
+
+
+

modules/ses/output.tf

@@ -0,0 +1,45 @@
+output "domain_identity_token" {
+  description = "Domain identity tokens"
+  value       = aws_ses_domain_identity.domain_identity.verification_token
+}
+
+output "domain_verification" {
+  description = "Verification status of the domain identity"
+  value       = aws_ses_domain_identity_verification.domain_verification.id
+}
+
+output "dkim_tokens" {
+  description = "DKIM tokens for domain identity"
+  value       = aws_ses_domain_dkim.dkim_authentication.dkim_tokens
+}
+
+output "domain_mail" {
+  description = "Email address associated with the domain identity"
+  value       = aws_ses_domain_mail_from.domain_mail.id
+}
+
+output "route53_dkim_fqdn" {
+  description = "FQDN for the Route 53 DKIM DNS record"
+  value       = aws_route53_record.dkim_record.*.fqdn
+}
+
+output "route53_spf_mx_fqdn" {
+  description = "FQDN for the Route 53 SPF MX DNS record"
+  value       = aws_route53_record.ses_domain_mail_from_mx.fqdn
+}
+
+output "route53_spf_txt_fqdn" {
+  description = "FQDN for the Route 53 SPF TXT DNS record"
+  value       = aws_route53_record.ses_domain_mail_from_txt.fqdn
+}
+
+output "iam_user_name" {
+  description = "IAM user name associated with SES"
+  value       = aws_iam_user.iam_user.name
+}
+
+output "iam_user_policy" {
+  description = "IAM policy associated with the IAM user"
+  value       = aws_iam_user_policy.ses_user_policy.name
+}
+

modules/ses/variables.tf

@@ -0,0 +1,80 @@
+variable "region" {
+  type        = string
+  description = "Region of the EC2 instance"
+}
+
+variable "domain_name" {
+  type        = string
+  description = "Name of the domain"
+}
+
+variable "dkim_record_count" {
+  type        = number
+  description = "Number of DKIM records to create"
+}
+
+variable "zone_id" {
+  type        = string
+  description = "ID of the DNS zone where records will be added"
+}
+
+variable "dkim_record_type" {
+  type        = string
+  description = "Type of DKIM records to create"
+}
+
+variable "dkim_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for DKIM records"
+}
+
+variable "custom_mail" {
+  type        = string
+  description = "Custom email address to associate with the domain"
+}
+
+variable "spf_mx_record" {
+  type        = string
+  description = "SPF MX record value for domain"
+}
+
+variable "spf_txt_record" {
+  type        = string
+  description = "SPF TXT record value for domain"
+}
+
+variable "spf_ttl" {
+  type        = number
+  description = "Time To Live (TTL) for SPF records"
+}
+
+variable "tags" {
+  default     = {}
+  type        = map(string)
+  description = "Tags to associate with the resources"
+}
+
+variable "name" {
+  type        = string
+  description = "Name of the resource"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment where the resource is deployed"
+}
+
+variable "owner" {
+  type        = string
+  description = "Owner of the resource"
+}
+
+variable "cost_center" {
+  type        = string
+  description = "Cost center responsible for the resource"
+}
+
+variable "application" {
+  type        = string
+  description = "Application to which the resource belongs"
+}

vars/dev/ses.tfvars

@@ -0,0 +1,18 @@
+#SES variables
+region            = "us-west-2"
+domain_name       = "devopsproject.dev"
+dkim_record_count = 3
+zone_id           = "Z044775511DCQ7IHFO1WH"
+dkim_record_type  = "CNAME"
+dkim_ttl          = "1800"
+custom_mail       = "email"
+spf_mx_record     = "MX"
+spf_txt_record    = "TXT"
+spf_ttl           = "300"
+
+# Tag Keys
+name        = ""
+owner       = "techiescamp"
+environment = ""
+cost_center = "techiescamp-commerce"
+application = "pet-clinic"