#=====================================
# SES Domain Identity
#=====================================
# Registers var.domain as an SES identity and sets the configuration set
# declared in this file as its default. Created only when the module is enabled.
resource "aws_sesv2_email_identity" "this" {
  count = module.this.enabled ? 1 : 0

  email_identity         = var.domain
  configuration_set_name = aws_sesv2_configuration_set.this[0].configuration_set_name

  tags = module.this.tags
}
# Configuration set used by the domain identity. The two dynamic blocks are
# mutually exclusive, so at most one delivery_options block is rendered.
resource "aws_sesv2_configuration_set" "this" {
  count = module.this.enabled ? 1 : 0

  configuration_set_name = module.this.id

  # Case 1: the module creates its own dedicated IP pool and sends through it.
  dynamic "delivery_options" {
    for_each = var.create_sending_pool ? ["_enable"] : []

    content {
      sending_pool_name = aws_sesv2_dedicated_ip_pool.this[0].pool_name
    }
  }

  # Case 2: no pool is created here, but the caller names an existing pool.
  dynamic "delivery_options" {
    for_each = !var.create_sending_pool && var.sending_pool_name != "" ? ["_enable"] : []

    content {
      sending_pool_name = var.sending_pool_name
    }
  }

  tags = module.this.tags
}
# Optional dedicated IP pool, created only when the module is enabled and
# var.create_sending_pool is true.
resource "aws_sesv2_dedicated_ip_pool" "this" {
  count = module.this.enabled && var.create_sending_pool ? 1 : 0

  # An explicit var.sending_pool_name wins; otherwise fall back to the module id.
  pool_name    = var.sending_pool_name != "" ? var.sending_pool_name : module.this.id
  scaling_mode = var.sending_pool_scaling_mode

  tags = module.this.tags
}
#=====================================
# IAM Group for SES Domain Identity
#=====================================
# IAM group that receives the SES sending policy. Every member of this group
# inherits the right to send mail as the domain, so membership should be
# reviewed like any other credentialed access.
resource "aws_iam_group" "ses_users" {
  count = module.this.enabled ? 1 : 0

  path = var.group_path
  name = module.this.id
}
## IAM Group Policies for SES Domain Identity
locals {
  # From-address patterns the sending policy accepts. When the caller supplies
  # none, the fallback is "*@<domain>", i.e. ANY local part at var.domain.
  # Pass explicit addresses in var.allowed_sending_addresses to narrow this.
  allowed_sending_addresses = (
    length(var.allowed_sending_addresses) != 0
    ? var.allowed_sending_addresses
    : ["*@${var.domain}"]
  )
}
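# Sending policy for the SES users group. It allows ses:SendEmail and
# ses:SendRawEmail on the domain identity and its configuration set, and only
# when the From address matches one of local.allowed_sending_addresses.
data "aws_iam_policy_document" "ses_group_sending_policy" {
  statement {
    effect = "Allow"

    actions = [
      "ses:SendRawEmail",
      "ses:SendEmail"
    ]

    # Splat instead of [0]: this data source has no count, so it is evaluated
    # even when module.this.enabled is false and both resources have zero
    # instances. Indexing [0] in that state fails with an invalid-index error;
    # the splat form yields an empty list instead. When the module is enabled
    # the resulting list is the same two ARNs as before.
    resources = concat(
      aws_sesv2_email_identity.this[*].arn,
      aws_sesv2_configuration_set.this[*].arn,
    )

    # StringLike permits wildcards, so a value such as "*@example.com" lets a
    # principal send as every mailbox of that domain. Keep the list as narrow
    # as the workload allows.
    condition {
      test     = "StringLike"
      variable = "ses:FromAddress"
      values   = local.allowed_sending_addresses
    }
  }
}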
# Managed policy carrying the rendered sending policy document. It shares the
# module id as its name and lives under the same IAM path as the group.
resource "aws_iam_policy" "ses_sending_policy" {
  count = module.this.enabled ? 1 : 0

  path   = var.group_path
  name   = module.this.id
  policy = data.aws_iam_policy_document.ses_group_sending_policy.json

  tags = module.this.tags
}
# Attaches the sending policy to the SES users group, so the permission is
# granted through group membership only.
resource "aws_iam_group_policy_attachment" "ses_sending_policy" {
  count = module.this.enabled ? 1 : 0

  policy_arn = aws_iam_policy.ses_sending_policy[0].arn
  group      = aws_iam_group.ses_users[0].name
}