From 4ec96c29de47c6907ac6ab434d3d22753ede7274 Mon Sep 17 00:00:00 2001
From: Matthew Geng <35342787+matthewgeng@users.noreply.github.com>
Date: Thu, 23 Dec 2021 19:04:57 -0500
Subject: [PATCH] Mg/ses terraform (#214)

* add ses domain and email address verification
---
 terraform/environments/production/locals.tf | 3 +++
 terraform/environments/production/main.tf | 12 ++++++++++++
 terraform/environments/production/variables.tf | 12 ++++++++++++
 terraform/environments/staging/locals.tf | 3 +++
 terraform/environments/staging/main.tf | 14 ++++++++++++++
 terraform/environments/staging/variables.tf | 14 ++++++++++++++
 terraform/modules/ses/inputs.tf | 14 ++++++++++++++
 terraform/modules/ses/ses.tf | 13 +++++++++++++
 8 files changed, 85 insertions(+)
 create mode 100644 terraform/environments/production/locals.tf
 create mode 100644 terraform/environments/staging/locals.tf
 create mode 100644 terraform/modules/ses/inputs.tf
 create mode 100644 terraform/modules/ses/ses.tf

diff --git a/terraform/environments/production/locals.tf b/terraform/environments/production/locals.tf
new file mode 100644
index 00000000..175b0628
--- /dev/null
+++ b/terraform/environments/production/locals.tf
@@ -0,0 +1,3 @@
+locals {
+ email = "info@${var.email_domain}"
+}
diff --git a/terraform/environments/production/main.tf b/terraform/environments/production/main.tf
index af7a5c34..44231b33 100644
--- a/terraform/environments/production/main.tf
+++ b/terraform/environments/production/main.tf
@@ -19,11 +19,13 @@ provider "aws" {
 region = "us-west-2"
 }
+# ------------------------------------------------------------------
 module "iam" {
 source = "../../modules/iam"
 cloudwatch_lambda_logs_policy_name = var.cloudwatch_lambda_logs_policy_name
 }
+# ------------------------------------------------------------------
 module "s3" {
 source = "../../modules/s3"
 allowed_origins = [var.sdc_domain]
@@ -38,6 +40,7 @@ module "s3" {
 s3_images_bucket_name = var.s3_images_bucket_name
 }
+# ------------------------------------------------------------------
 module "parameter_store" {
 source = "../../modules/parameter_store"
@@ -54,6 +57,7 @@ module "parameter_store" {
 lambda_secret_key_name = var.lambda_secret_key_name
 }
+# ------------------------------------------------------------------
 # Lambda functions, could encapsulate in another module for all lambda functions
 module "cronMailing" {
 source = "../../modules/lambda" # essentially wraps around a lambda
@@ -76,3 +80,11 @@ module "cronMailing_eventbridge" {
 target_arn = module.cronMailing.lambda_function_arn
 target_id = module.cronMailing.lambda_function_name
 }
+# ------------------------------------------------------------------
+# SES
+module "ses" {
+ env = var.env
+ source = "../../modules/ses"
+ email = local.email
+ email_domain = var.email_domain
+}
diff --git a/terraform/environments/production/variables.tf b/terraform/environments/production/variables.tf
index 71f4db64..b88419dd 100644
--- a/terraform/environments/production/variables.tf
+++ b/terraform/environments/production/variables.tf
@@ -8,6 +8,12 @@ variable "sdc_domain" {
 type = string
 }
+variable "email_domain" {
+ description = "Email address for SES"
+ default = "socialdiversity.org"
+ type = string
+}
+
 # should add variable condition checks to limit configuration discrepencies
 # ------------------------------------------------------------------
 # IAM
@@ -110,3 +116,9 @@ variable "lambda_secret_key_name" {
 default = "LAMBDA_SECRET_KEY"
 type = string
 }
+
+variable "env" {
+ description = "environment value for internal terraform use"
+ default = "production"
+ type = string
+}
diff --git a/terraform/environments/staging/locals.tf b/terraform/environments/staging/locals.tf
new file mode 100644
index 00000000..67a6d05b
--- /dev/null
+++ b/terraform/environments/staging/locals.tf
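Review bot: The new `email_domain` variable in production/variables.tf is described as "Email address for SES", but its value is a bare domain (`socialdiversity.org`) that the `ses` module hands to `aws_ses_domain_identity` and that locals.tf prefixes with `info@`; the description should say so, e.g. `description = "Bare domain (no local part) under which SES identities are verified"`. The `# should add variable condition checks` note directly below the hunk already asks for guards, and this is a natural first one, since passing an address here would silently produce an identity for a nonsense domain: `validation { condition = !can(regex("@", var.email_domain)) error_message = "email_domain must be a domain, not an address." }`. The `env` variable added in the second hunk of this file is what gates domain verification in the module, so its description "for internal terraform use" understates it; consider naming the effect, e.g. `# "production" enables the SES domain identity + DKIM in modules/ses`.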
@@ -0,0 +1,3 @@
+locals {
+ email = "socialdiversity@${var.email_domain}"
+}
diff --git a/terraform/environments/staging/main.tf b/terraform/environments/staging/main.tf
index dccd3a98..c6a24908 100644
--- a/terraform/environments/staging/main.tf
+++ b/terraform/environments/staging/main.tf
@@ -19,11 +19,13 @@ provider "aws" {
 region = "us-east-1"
 }
+# ------------------------------------------------------------------
 module "iam" {
 source = "../../modules/iam"
 cloudwatch_lambda_logs_policy_name = var.cloudwatch_lambda_logs_policy_name
 }
+# ------------------------------------------------------------------
 module "s3" {
 source = "../../modules/s3"
 allowed_origins = ["http://localhost:3000", var.sdc_domain, var.sdc_pr_domain]
@@ -38,6 +40,7 @@ module "s3" {
 s3_images_bucket_name = var.s3_images_bucket_name
 }
+# ------------------------------------------------------------------
 module "parameter_store" {
 source = "../../modules/parameter_store"
@@ -54,6 +57,7 @@ module "parameter_store" {
 lambda_secret_key_name = var.lambda_secret_key_name
 }
+# ------------------------------------------------------------------
 # Lambda functions, could encapsulate in another module for all lambda functions
 module "cronMailing" {
 source = "../../modules/lambda" # essentially wraps around a lambda
@@ -76,3 +80,13 @@ module "cronMailing_eventbridge" {
 target_arn = module.cronMailing.lambda_function_arn
 target_id = module.cronMailing.lambda_function_name
 }
+
+# ------------------------------------------------------------------
+# SES
+
+module "ses" {
+ env = var.env
+ source = "../../modules/ses"
+ email = local.email
+ email_domain = var.email_domain
+}
diff --git a/terraform/environments/staging/variables.tf b/terraform/environments/staging/variables.tf
index f09ee789..33dcf23d 100644
--- a/terraform/environments/staging/variables.tf
+++ b/terraform/environments/staging/variables.tf
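Review bot: With `env = var.env` resolving to `staging`, the `ses` module call at the end of staging/main.tf only yields the `aws_ses_email_identity` for `socialdiversity@uwblueprint.org` (the module's domain identity and DKIM resources are gated on `env == "production"` further down in this patch), so staging mail presumably goes out without DKIM and the address has to be verified out of band by whoever controls that mailbox — `terraform apply` does not complete verification on its own. That may be the intended trade-off for staging, but nothing in the hunk says so; a comment on the module block would save the next reader a trip into the module: `# staging: single verified address only — no domain identity/DKIM (see modules/ses)`. As a point of style, `source` is conventionally the first argument of a `module` block; here `env` precedes it in both environments.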
@@ -14,6 +14,14 @@ variable "sdc_pr_domain" {
 type = string
 }
+# ------------------------------------------------------------------
+# SES
+variable "email_domain" {
+ description = "Email address for SES"
+ default = "uwblueprint.org"
+ type = string
+}
+
 # should add variable condition checks to limit configuration discrepencies
 # ------------------------------------------------------------------
 # IAM
@@ -116,3 +124,9 @@ variable "lambda_secret_key_name" {
 default = "LAMBDA_SECRET_KEY"
 type = string
 }
+
+variable "env" {
+ description = "environment value for internal terraform use"
+ default = "staging"
+ type = string
+}
diff --git a/terraform/modules/ses/inputs.tf b/terraform/modules/ses/inputs.tf
new file mode 100644
index 00000000..5d3df57b
--- /dev/null
+++ b/terraform/modules/ses/inputs.tf
@@ -0,0 +1,14 @@
+variable "email" {
+ description = "Email for ses identity"
+ type = string
+}
+
+variable "email_domain" {
+ description = "Email domain"
+ type = string
+}
+
+variable "env" {
+ description = "environment variable (staging or production)"
+ type = string
+}
diff --git a/terraform/modules/ses/ses.tf b/terraform/modules/ses/ses.tf
new file mode 100644
index 00000000..d733e390
--- /dev/null
+++ b/terraform/modules/ses/ses.tf
@@ -0,0 +1,13 @@
+resource "aws_ses_email_identity" "sdc" {
+ email = var.email
+}
+
+resource "aws_ses_domain_identity" "sdc_domain" {
+ count = var.env == "production" ? 1 : 0
+ domain = var.email_domain
+}
+
+resource "aws_ses_domain_dkim" "sdc_dkim" {
+ count = var.env == "production" ? 1 : 0
+ domain = var.email_domain
+}
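Review bot: `env` in modules/ses/inputs.tf is compared against the literal `"production"` in ses.tf to decide whether the domain identity and DKIM exist, yet nothing constrains its value, so a caller passing `Production` or `prod` gets a plan that silently omits domain verification instead of an error. Since the description already names the two accepted values, enforce them: `validation { condition = contains(["staging", "production"], var.env) error_message = "env must be \"staging\" or \"production\"." }`. The `email_domain` description ("Email domain") could likewise state that it is a bare domain with no local part, since both callers build `email` from it with an `@` prefix.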
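Review bot: The `aws_ses_domain_identity` and `aws_ses_domain_dkim` resources in modules/ses/ses.tf only request verification; nothing in this module or either environment publishes the resulting verification token or DKIM tokens in DNS, and the module exposes no outputs, so the production domain stays pending and mail stays unsigned until someone copies the tokens out of the console by hand. Exporting them is the minimum needed for a Route53 resource or a documented manual step to consume them — see below. Separately, `sdc_dkim` reads `var.email_domain` directly rather than `aws_ses_domain_identity.sdc_domain[0].domain`, so Terraform has no ordering between the two; referencing the identity's `domain` attribute would fix that. In production the `aws_ses_email_identity` for `info@` is redundant once the domain identity is verified (a domain identity covers every address under it), which deserves a comment, and no MAIL FROM domain is configured here, so SPF/DMARC alignment presumably needs separate attention.
```hcl
# … unchanged: aws_ses_email_identity / aws_ses_domain_identity / aws_ses_domain_dkim …

# Empty lists unless env == "production". These must be published in DNS
# (the SES verification TXT record and the DKIM CNAMEs) before the domain
# verifies; nothing in this module does that.
output "domain_verification_token" {
  value = aws_ses_domain_identity.sdc_domain[*].verification_token
}

output "dkim_tokens" {
  value = aws_ses_domain_dkim.sdc_dkim[*].dkim_tokens
}
```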