## Managed By : CloudDrove
## Description : This Script is used to create SES Domain Identity, Identity Verification, Domain Dkim And Verification With Route53.
## Copyright @ CloudDrove. All Rights Reserved.
locals {
  # Several SES resources reject a trailing "." in the MAIL FROM domain, so the
  # fully-qualified form accepted in var.mail_from_domain is normalised once here.
  # trimsuffix removes exactly one terminating dot, the same as the regex replace
  # this used to rely on.
  stripped_mail_from_domain = trimsuffix(var.mail_from_domain, ".")
}
# Naming/tagging helper. Every resource below that needs a name reads
# module.labels.id, so the label inputs are the single place naming is set.
module "labels" {
  source  = "clouddrove/labels/aws"
  version = "1.3.0"

  name        = var.name
  repository  = var.repository
  environment = var.environment
  managedby   = var.managedby
  label_order = var.label_order
}
# -----------------------------------------------------------------------------
# Domain identity: registers var.domain with SES. DKIM, MAIL FROM and the
# identity policy below all reference this resource through index [0], so
# anything that depends on it must also be gated on var.enable_domain.
# -----------------------------------------------------------------------------
resource "aws_ses_domain_identity" "default" {
  count  = var.enabled && var.enable_domain ? 1 : 0
  domain = var.domain
}
# -----------------------------------------------------------------------------
# Email identities: one SES identity per address in var.emails. Independent of
# the domain identity above, so enable_email can be used on its own.
# -----------------------------------------------------------------------------
resource "aws_ses_email_identity" "default" {
  count = var.enabled && var.enable_email ? length(var.emails) : 0
  email = element(var.emails, count.index)
}
# -----------------------------------------------------------------------------
# Domain DKIM: asks SES to generate the DKIM tokens for the domain identity.
# The tokens are published as CNAME records in aws_route53_record.dkim.
# -----------------------------------------------------------------------------
resource "aws_ses_domain_dkim" "default" {
  count  = var.enabled && var.enable_domain ? 1 : 0
  domain = join("", aws_ses_domain_identity.default[*].domain)
}
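# -----------------------------------------------------------------------------
# DKIM verification: publishes the three SES-issued DKIM tokens as CNAMEs
# (<token>._domainkey.<domain> -> <token>.dkim.amazonses.com). SES verifies
# DKIM for the domain once it can resolve these records.
# -----------------------------------------------------------------------------
resource "aws_route53_record" "dkim" {
  # Gate on enable_domain as well as zone_id: the tokens below are read from
  # aws_ses_domain_dkim.default[0], which only exists when the domain identity
  # is created. Without this guard, enabled=true with a zone_id but
  # enable_domain=false fails at plan time with an invalid-index error.
  count   = var.enabled && var.enable_domain && var.zone_id != "" ? 3 : 0
  zone_id = var.zone_id
  name    = format("%s._domainkey.%s", element(aws_ses_domain_dkim.default[0].dkim_tokens, count.index), var.domain)
  type    = var.cname_type
  ttl     = 600
  records = [format("%s.dkim.amazonses.com", element(aws_ses_domain_dkim.default[0].dkim_tokens, count.index))]
}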
# -----------------------------------------------------------------------------
# Custom MAIL FROM domain for the domain identity. The SPF and MX records that
# make it usable (spf_mail_from, mx_send_mail_from) are created further down.
# -----------------------------------------------------------------------------
resource "aws_ses_domain_mail_from" "default" {
  count = var.enabled && var.enable_domain && var.enable_mail_from ? 1 : 0

  domain           = aws_ses_domain_identity.default[count.index].domain
  mail_from_domain = local.stripped_mail_from_domain
}
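# -----------------------------------------------------------------------------
# SPF record for the MAIL FROM domain: authorises only Amazon SES to send mail
# on its behalf and hard-fails (-all) everything else.
# -----------------------------------------------------------------------------
resource "aws_route53_record" "spf_mail_from" {
  # Require enable_domain and a zone_id like the other Route53 records here:
  # the record name is read from aws_ses_domain_mail_from.default, which only
  # exists when the domain identity is created, and an empty zone_id fails at
  # apply time rather than being skipped.
  count   = var.enabled && var.enable_domain && var.enable_mail_from && var.zone_id != "" ? 1 : 0
  zone_id = var.zone_id
  name    = aws_ses_domain_mail_from.default[count.index].mail_from_domain
  type    = var.txt_type
  ttl     = "600"
  records = ["v=spf1 include:amazonses.com -all"]
}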
# -----------------------------------------------------------------------------
# SPF record for the sending domain itself (var.spf_domain_name). Same policy
# as the MAIL FROM record: only SES may send, everything else hard-fails.
# -----------------------------------------------------------------------------
resource "aws_route53_record" "spf_domain" {
  count = var.enabled && var.enable_spf_domain && var.zone_id != "" ? 1 : 0

  zone_id = var.zone_id
  name    = var.spf_domain_name
  type    = var.txt_type
  ttl     = "600"
  records = ["v=spf1 include:amazonses.com -all"]
}
###Sending MX Record#######
# Region of the configured AWS provider; used to build the region-specific
# SES SMTP endpoints in the MX records below.
data "aws_region" "current" {}
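# -----------------------------------------------------------------------------
# MX record for the MAIL FROM domain, pointing at the regional SES feedback
# endpoint so bounces and complaints for the custom MAIL FROM are delivered.
# -----------------------------------------------------------------------------
resource "aws_route53_record" "mx_send_mail_from" {
  # Also require enable_domain: the record name is read from
  # aws_ses_domain_mail_from.default, which exists only when the domain
  # identity (and with it the MAIL FROM resource) is created.
  count   = var.enabled && var.enable_domain && var.enable_mail_from && var.zone_id != "" ? 1 : 0
  zone_id = var.zone_id
  name    = aws_ses_domain_mail_from.default[count.index].mail_from_domain
  type    = var.mx_type
  ttl     = "600"
  records = [format("10 feedback-smtp.%s.amazonses.com", data.aws_region.current.name)]
}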
# -----------------------------------------------------------------------------
# Inbound MX record: routes mail for the record name to the regional SES
# inbound SMTP endpoint so SES receipt rules/filters can process it.
#
# NOTE(review): the record name is module.labels.id rather than var.domain —
# confirm that the label id is the hostname mail should be received for.
# -----------------------------------------------------------------------------
resource "aws_route53_record" "mx_receive" {
  count = var.enabled && var.enable_mx && var.zone_id != "" ? 1 : 0

  zone_id = var.zone_id
  name    = module.labels.id
  type    = var.mx_type
  ttl     = "600"
  records = [format("10 inbound-smtp.%s.amazonaws.com", data.aws_region.current.name)]
}
# -----------------------------------------------------------------------------
# IP-based receipt filter for inbound mail: applies var.filter_policy to
# senders in var.filter_cidr. Whether this is an allow-list or a block-list
# depends entirely on the policy value passed in.
# -----------------------------------------------------------------------------
resource "aws_ses_receipt_filter" "default" {
  count = var.enabled && var.enable_filter ? 1 : 0

  name   = module.labels.id
  cidr   = var.filter_cidr
  policy = var.filter_policy
}
# -----------------------------------------------------------------------------
# Identity (resource-based) policy document granting SendEmail/SendRawEmail on
# the verified domain identity; attached by aws_ses_identity_policy.default.
#
# NOTE(review): the principal is AWS "*", i.e. an unrestricted resource policy.
# Any AWS principal — in this account, or in another account whose own IAM
# policy allows it — may send mail as this identity once the policy is
# attached. Prefer listing the specific account or role ARNs that need to send
# (for example from a list variable) and reserve "*" for cases where open
# cross-account sending is genuinely intended.
# -----------------------------------------------------------------------------
data "aws_iam_policy_document" "document" {
  count = var.enabled && var.enable_domain ? 1 : 0

  statement {
    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
    resources = [aws_ses_domain_identity.default[0].arn]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }
  }
}
# -----------------------------------------------------------------------------
# Attaches the policy document above to the domain identity. Gated on
# enable_policy in addition to enable_domain, so the document can exist
# without being applied.
# -----------------------------------------------------------------------------
resource "aws_ses_identity_policy" "default" {
  count = var.enabled && var.enable_domain && var.enable_policy ? 1 : 0

  name     = module.labels.id
  identity = aws_ses_domain_identity.default[count.index].arn
  policy   = data.aws_iam_policy_document.document[0].json
}
# -----------------------------------------------------------------------------
# Optional SES email template built from the template_* inputs. The plain-text
# body comes from var.text (not var.template_text) — naming is inherited from
# the module's variables and kept for compatibility.
# -----------------------------------------------------------------------------
resource "aws_ses_template" "default" {
  count = var.enabled && var.enable_template ? 1 : 0

  name    = module.labels.id
  subject = var.template_subject
  html    = var.template_html
  text    = var.text
}
# -----------------------------------------------------------------------------
# SMTP credentials: a dedicated IAM user whose access key doubles as the SES
# SMTP credential. Created only when an iam_name is supplied; independent of
# enable_domain.
# -----------------------------------------------------------------------------
resource "aws_iam_user" "default" {
  count = var.enabled && var.iam_name != "" ? 1 : 0
  name  = var.iam_name
}
# -----------------------------------------------------------------------------
# Static access key for the SMTP user; the provider derives the SES SMTP
# password from this key's secret.
#
# NOTE(review): the secret access key (and the derived SMTP password) are
# written to Terraform state in plaintext unless pgp_key is set on this
# resource. Keep the state backend encrypted and access-controlled, and rotate
# the key if the state is ever exposed.
# -----------------------------------------------------------------------------
resource "aws_iam_access_key" "default" {
  count = var.enabled && var.iam_name != "" ? 1 : 0
  user  = aws_iam_user.default[count.index].name
}
# -----------------------------------------------------------------------------
# Inline policy on the SMTP user granting the send permission from the
# allow_iam_name_to_send_emails document below.
# -----------------------------------------------------------------------------
resource "aws_iam_user_policy" "default" {
  count = var.enabled && var.iam_name != "" ? 1 : 0

  name   = module.labels.id
  user   = aws_iam_user.default[count.index].name
  policy = data.aws_iam_policy_document.allow_iam_name_to_send_emails.json
}
# -----------------------------------------------------------------------------
# Policy document for the SMTP user: ses:SendRawEmail, the action the SES SMTP
# interface requires, against every identity in the account.
#
# NOTE(review): resources = ["*"] lets this user send from any verified
# identity in the account, not just var.domain; the tfsec suppression below
# acknowledges that. If the user only ever sends for this module's identity,
# scoping resources to aws_ses_domain_identity.default[*].arn (when
# enable_domain is set) limits what a leaked SMTP credential can do.
# -----------------------------------------------------------------------------
#tfsec:ignore:aws-iam-no-policy-wildcards
data "aws_iam_policy_document" "allow_iam_name_to_send_emails" {
  statement {
    actions   = ["ses:SendRawEmail"]
    resources = ["*"]
  }
}