add AWS SES to aws.vjpatel.me (#100)

VJftw · Jul 13, 2024 · cac09e7 · cac09e7
1 parent 24aa733
commit cac09e7
Show file tree

Hide file tree

Showing 8 changed files with 130 additions and 0 deletions.
diff --git a/deployment/management/email/BUILD b/deployment/management/email/BUILD
@@ -0,0 +1,19 @@
+subinclude("//build/defs:terraform")
+
+terraform_root(
+    name = "aws",
+    srcs = [
+        "main.tf",
+    ],
+    account_auths = {
+        "//accounts/aws:vjp-dns_auth": {
+            "branches": {
+                "main": "administrator",
+            },
+            "pull_request": "reader",
+        },
+    },
+    modules = [
+        "//modules/email/aws:aws",
+    ],
+)
diff --git a/deployment/management/email/main.tf b/deployment/management/email/main.tf
@@ -0,0 +1,21 @@
+provider "aws" {
+  profile = "vjp-dns"
+  region  = "eu-west-1"
+}
+
+data "aws_route53_zone" "test" {
+  name         = "aws.vjpatel.me"
+  private_zone = false
+}
+
+
+module "email" {
+  source = "//modules/email/aws:aws"
+
+  providers = {
+    aws = aws
+  }
+
+  domain = data.aws_route53_zone.test.name
+  zone_id = data.aws_route53_zone.test.zone_id
+}
diff --git a/modules/email/aws/BUILD b/modules/email/aws/BUILD
@@ -0,0 +1,7 @@
+subinclude("//build/defs:terraform")
+
+terraform_module(
+    name = "aws",
+    srcs = glob(["*"]),
+    visibility = ["//deployment/management/..."],
+)
diff --git a/modules/email/aws/dmarc.tf b/modules/email/aws/dmarc.tf
@@ -0,0 +1,27 @@
+// DMARC via SPF
+resource "aws_route53_record" "dmarc" {
+  zone_id = var.zone_id
+
+  name = "_dmarc.${var.domain}"
+  type = "TXT"
+  ttl  = "300"
+
+  records = [
+    "v=DMARC1; p=quarantine; rua=mailto:dmarc@${var.domain}"
+  ]
+}
+
+// DMARC via DKIM
+resource "aws_ses_domain_dkim" "this" {
+  domain = aws_ses_domain_identity.this.domain
+}
+
+resource "aws_route53_record" "dkim_record" {
+  count   = 3
+
+  zone_id = var.zone_id
+  name    = "${aws_ses_domain_dkim.this.dkim_tokens[count.index]}._domainkey"
+  type    = "CNAME"
+  ttl     = "600"
+  records = ["${aws_ses_domain_dkim.this.dkim_tokens[count.index]}.dkim.amazonses.com"]
+}
diff --git a/modules/email/aws/domain.tf b/modules/email/aws/domain.tf
@@ -0,0 +1,17 @@
+resource "aws_ses_domain_identity" "this" {
+  domain = var.domain
+}
+
+resource "aws_ses_domain_identity_verification" "this" {
+  domain = aws_ses_domain_identity.this.id
+
+  depends_on = [aws_route53_record.verification_record]
+}
+
+resource "aws_route53_record" "verification_record" {
+  zone_id = var.zone_id
+  name    = "_amazonses.${aws_ses_domain_identity.this.id}"
+  type    = "TXT"
+  ttl     = "600"
+  records = [aws_ses_domain_identity.this.verification_token]
+}
diff --git a/modules/email/aws/mail-from.tf b/modules/email/aws/mail-from.tf
@@ -0,0 +1,20 @@
+resource "aws_ses_domain_mail_from" "this" {
+  domain           = aws_ses_domain_identity.this.domain
+  mail_from_domain = "bounce.${aws_ses_domain_identity.this.domain}"
+}
+
+resource "aws_route53_record" "domain_mail_from_mx" {
+  zone_id = var.zone_id
+  name    = aws_ses_domain_mail_from.this.mail_from_domain
+  type    = "MX"
+  ttl     = "600"
+  records = ["10 feedback-smtp.${data.aws_region.current.name}.amazonses.com"]
+}
+
+resource "aws_route53_record" "domain_mail_from_txt" {
+  zone_id = var.zone_id
+  name    = aws_ses_domain_mail_from.this.mail_from_domain
+  type    = "TXT"
+  ttl     = "600"
+  records = ["v=spf1 include:amazonses.com ~all"]
+}
diff --git a/modules/email/aws/main.tf b/modules/email/aws/main.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+data "aws_region" "current" {}
diff --git a/modules/email/aws/variables.tf b/modules/email/aws/variables.tf
@@ -0,0 +1,9 @@
+variable "domain" {
+  type = string
+  description = "The domain to set up and configure email for."
+}
+
+variable "zone_id" {
+  type = string
+  description = "The Route 53 Zone ID to add records to."
+}