Mg/ses terraform (#214)

* add ses domain and email address verification

terraform/environments/production/locals.tf

@@ -0,0 +1,3 @@
+locals {
+  email = "info@${var.email_domain}"
+}

terraform/environments/production/main.tf

@@ -19,11 +19,13 @@ provider "aws" {
   region = "us-west-2"
 }
 
+# ------------------------------------------------------------------
 module "iam" {
   source                             = "../../modules/iam"
   cloudwatch_lambda_logs_policy_name = var.cloudwatch_lambda_logs_policy_name
 }
 
+# ------------------------------------------------------------------
 module "s3" {
   source          = "../../modules/s3"
   allowed_origins = [var.sdc_domain]
@@ -38,6 +40,7 @@ module "s3" {
   s3_images_bucket_name = var.s3_images_bucket_name
 }
 
+# ------------------------------------------------------------------
 module "parameter_store" {
   source = "../../modules/parameter_store"
 
@@ -54,6 +57,7 @@ module "parameter_store" {
   lambda_secret_key_name = var.lambda_secret_key_name
 }
 
+# ------------------------------------------------------------------
 # Lambda functions, could encapsulate in another module for all lambda functions 
 module "cronMailing" {
   source = "../../modules/lambda" # essentially wraps around a lambda 
@@ -76,3 +80,11 @@ module "cronMailing_eventbridge" {
   target_arn          = module.cronMailing.lambda_function_arn
   target_id           = module.cronMailing.lambda_function_name
 }
+# ------------------------------------------------------------------
+# SES
+module "ses" {
+  env          = var.env
+  source       = "../../modules/ses"
+  email        = local.email
+  email_domain = var.email_domain
+}

terraform/environments/production/variables.tf

@@ -8,6 +8,12 @@ variable "sdc_domain" {
   type        = string
 }
 
+variable "email_domain" {
+  description = "Email address for SES"
+  default     = "socialdiversity.org"
+  type        = string
+}
+
 # should add variable condition checks to limit configuration discrepencies
 # ------------------------------------------------------------------
 # IAM
@@ -110,3 +116,9 @@ variable "lambda_secret_key_name" {
   default     = "LAMBDA_SECRET_KEY"
   type        = string
 }
+
+variable "env" {
+  description = "environment value for internal terraform use"
+  default     = "production"
+  type        = string
+}

terraform/environments/staging/locals.tf

@@ -0,0 +1,3 @@
+locals {
+  email = "socialdiversity@${var.email_domain}"
+}

terraform/environments/staging/main.tf

@@ -19,11 +19,13 @@ provider "aws" {
   region = "us-east-1"
 }
 
+# ------------------------------------------------------------------
 module "iam" {
   source                             = "../../modules/iam"
   cloudwatch_lambda_logs_policy_name = var.cloudwatch_lambda_logs_policy_name
 }
 
+# ------------------------------------------------------------------
 module "s3" {
   source          = "../../modules/s3"
   allowed_origins = ["http://localhost:3000", var.sdc_domain, var.sdc_pr_domain]
@@ -38,6 +40,7 @@ module "s3" {
   s3_images_bucket_name = var.s3_images_bucket_name
 }
 
+# ------------------------------------------------------------------
 module "parameter_store" {
   source = "../../modules/parameter_store"
 
@@ -54,6 +57,7 @@ module "parameter_store" {
   lambda_secret_key_name = var.lambda_secret_key_name
 }
 
+# ------------------------------------------------------------------
 # Lambda functions, could encapsulate in another module for all lambda functions 
 module "cronMailing" {
   source = "../../modules/lambda" # essentially wraps around a lambda 
@@ -76,3 +80,13 @@ module "cronMailing_eventbridge" {
   target_arn          = module.cronMailing.lambda_function_arn
   target_id           = module.cronMailing.lambda_function_name
 }
+
+# ------------------------------------------------------------------
+# SES
+
+module "ses" {
+  env          = var.env
+  source       = "../../modules/ses"
+  email        = local.email
+  email_domain = var.email_domain
+}

terraform/environments/staging/variables.tf

@@ -14,6 +14,14 @@ variable "sdc_pr_domain" {
   type        = string
 }
 
+# ------------------------------------------------------------------
+# SES
+variable "email_domain" {
+  description = "Email address for SES"
+  default     = "uwblueprint.org"
+  type        = string
+}
+
 # should add variable condition checks to limit configuration discrepencies
 # ------------------------------------------------------------------
 # IAM
@@ -116,3 +124,9 @@ variable "lambda_secret_key_name" {
   default     = "LAMBDA_SECRET_KEY"
   type        = string
 }
+
+variable "env" {
+  description = "environment value for internal terraform use"
+  default     = "staging"
+  type        = string
+}

terraform/modules/ses/inputs.tf

@@ -0,0 +1,14 @@
+variable "email" {
+  description = "Email for ses identity"
+  type        = string
+}
+
+variable "email_domain" {
+  description = "Email domain"
+  type        = string
+}
+
+variable "env" {
+  description = "environment variable (staging or production)"
+  type        = string
+}

terraform/modules/ses/ses.tf

@@ -0,0 +1,13 @@
+resource "aws_ses_email_identity" "sdc" {
+  email = var.email
+}
+
+resource "aws_ses_domain_identity" "sdc_domain" {
+  count  = var.env == "production" ? 1 : 0
+  domain = var.email_domain
+}
+
+resource "aws_ses_domain_dkim" "sdc_dkim" {
+  count  = var.env == "production" ? 1 : 0
+  domain = var.email_domain
+}