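/**
 * For more details on this setup see:
 * https://github.com/arithmetric/aws-lambda-ses-forwarder
 **/

/* SES S3 Bucket --------------------------------*/

# Holds the raw inbound messages that the SES receipt rule (below) stores and
# that the forwarder Lambda reads back. Inbound mail is untrusted,
# internet-originated data: the bucket stays private, is encrypted at rest,
# and is writable only by the SES service principal acting for this account.
resource "aws_s3_bucket" "ses-forwarder-emails" {
  # The bucket policy, the Lambda IAM policy and the receipt rule all refer to
  # var.ses_forwarder_bucket_name; naming the bucket from the same variable
  # keeps those ARNs pointing at this bucket instead of silently diverging
  # from a hard-coded literal.
  bucket = var.ses_forwarder_bucket_name
  acl    = "private"

  tags = {
    Name = "Emails Managed by SES Forwarder Lambda function"
  }

  # Default SSE-S3 encryption for every object SES writes here.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # Write-only grant for SES, limited to requests made on behalf of this
  # account. NOTE(review): the aws:Referer/account-id condition is the one the
  # upstream forwarder README uses; current SES receiving docs prefer
  # aws:SourceAccount / aws:SourceArn for this policy -- confirm before
  # switching.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "GiveSESPermissionToWriteEmail",
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::${var.ses_forwarder_bucket_name}/*",
      "Condition": {
        "StringEquals": {
          "aws:Referer": "${data.aws_caller_identity.current.account_id}"
        }
      }
    }
  ]
}
EOF

  # Stored mail must survive an accidental destroy of this stack.
  lifecycle {
    prevent_destroy = true
  }
}

# Belt-and-braces: a later edit to the ACL or policy above cannot expose the
# stored mail publicly.
resource "aws_s3_bucket_public_access_block" "ses-forwarder-emails" {
  bucket = aws_s3_bucket.ses-forwarder-emails.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

/* SES Configuration --------------------------------*/

# Execution role the forwarder Lambda runs under; only the Lambda service
# principal may assume it.
resource "aws_iam_role" "ses_lambda_role" {
  name = "LambdaSesForwarder"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

# Permissions for the forwarder: CloudWatch logging, sending through SES, and
# reading / re-writing messages in the mail bucket only.
resource "aws_iam_role_policy" "ses_lambda_policy" {
  name = "LambdaSesForwarderPolicy"
  role = aws_iam_role.ses_lambda_role.id

  # NOTE(review): the logs statement (arn:aws:logs:*:*:*) and the
  # ses:SendRawEmail statement ("*") are wider than this function needs; they
  # could be narrowed to the function's own log group and to this account's
  # SES identity ARNs. Kept as in the upstream README -- tighten once the
  # region and identity ARNs are pinned down.
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": "ses:SendRawEmail",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::${var.ses_forwarder_bucket_name}/*"
    }
  ]
}
EOF
}

# Packages the handler source into the zip that the Lambda resource deploys.
data "archive_file" "ses_forwarder" {
  type        = "zip"
  source_file = "files/sesforwarder/index.js"
  output_path = "files/sesforwarder.zip"
}

resource "aws_lambda_function" "ses_forwarder" {
  filename = "files/sesforwarder.zip"

  # Forces a redeploy whenever index.js changes.
  source_code_hash = data.archive_file.ses_forwarder.output_base64sha256

  function_name = "SesForwarder"
  role          = aws_iam_role.ses_lambda_role.arn
  handler       = "index.handler"
  # NOTE(review): nodejs14.x is past end of support in Lambda; plan an upgrade
  # together with the handler code (newer runtimes do not bundle the v2
  # aws-sdk the upstream forwarder uses).
  runtime       = "nodejs14.x"
  memory_size   = 128
  timeout       = 10
}

# Lets SES invoke the forwarder. source_account pins the grant to SES acting
# for this account, so a receipt rule in another account that names this
# function ARN cannot trigger it (confused-deputy protection).
resource "aws_lambda_permission" "allow_ses" {
  statement_id   = "AllowExecutionFromSES"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.ses_forwarder.function_name
  principal      = "ses.amazonaws.com"
  source_account = data.aws_caller_identity.current.account_id
}

# Receipt rule: store each message in S3 first, then invoke the Lambda
# asynchronously. scan_enabled keeps SES's spam and virus scanning on.
resource "aws_ses_receipt_rule" "ses_forwarder" {
  name = "SesForwarder"

  enabled       = true
  scan_enabled  = true
  rule_set_name = "default-rule-set"
  # NOTE(review): hard-coded; presumably the same value as var.public_domain
  # used everywhere else in this file -- consider referencing the variable.
  recipients    = ["dap.ps"]

  s3_action {
    bucket_name       = var.ses_forwarder_bucket_name
    object_key_prefix = "${var.public_domain}/"
    position          = 1
  }

  lambda_action {
    function_arn    = aws_lambda_function.ses_forwarder.arn
    invocation_type = "Event"
    position        = 2
  }
}

/* Validated Domain -----------------------------*/

# The sending/receiving domain, verified through the _amazonses TXT record
# below.
resource "aws_ses_domain_identity" "dap_ps" {
  domain = var.public_domain
}

# Easy DKIM signing for the domain; the issued tokens are published as CNAMEs
# further down.
resource "aws_ses_domain_dkim" "dap_ps" {
  domain = aws_ses_domain_identity.dap_ps.domain
}

# Custom MAIL FROM subdomain so bounces and SPF checks stay under our domain
# rather than amazonses.com.
resource "aws_ses_domain_mail_from" "dap_ps" {
  domain           = aws_ses_domain_identity.dap_ps.domain
  mail_from_domain = "mail.${aws_ses_domain_identity.dap_ps.domain}"
}

# Domain ownership proof consumed by SES.
resource "aws_route53_record" "dap_ps_verification" {
  zone_id = aws_route53_zone.dap_ps.zone_id
  name    = "_amazonses"
  type    = "TXT"
  ttl     = 3600
  records = [aws_ses_domain_identity.dap_ps.verification_token]
}

# MX for the MAIL FROM subdomain: bounce/feedback traffic goes back to SES.
resource "aws_route53_record" "dap_ps_mail_mx" {
  zone_id = aws_route53_zone.dap_ps.zone_id
  name    = "mail"
  type    = "MX"
  ttl     = 3600
  records = ["10 feedback-smtp.us-east-1.amazonses.com."]
}
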
resource "aws_route53_record" "dap_ps_mail_spf" { 175 zone_id = aws_route53_zone.dap_ps.zone_id 176 name = "mail" 177 type = "TXT" 178 ttl = 3600 179 records = ["v= spf1 include:amazonses.com ~all"] 180 } 181 182 resource "aws_route53_record" "dap_ps_dkim" { 183 zone_id = aws_route53_zone.dap_ps.zone_id 184 ttl = 3600 185 type = "CNAME" 186 count = 3 187 name = "${element(aws_ses_domain_dkim.dap_ps.dkim_tokens, count.index)}._domainkey" 188 records = ["${element(aws_ses_domain_dkim.dap_ps.dkim_tokens, count.index)}.dkim.amazonses.com."] 189 } 190 191 /* SES EMail Fowarding --------------------------*/ 192 193 resource "aws_route53_record" "dap_ps_mx" { 194 zone_id = aws_route53_zone.dap_ps.zone_id 195 name = "" 196 type = "MX" 197 ttl = 3600 198 records = ["10 inbound-smtp.us-east-1.amazonaws.com."] 199 } 200 201 /* Validated Emails -----------------------------*/ 202 203 resource "aws_ses_email_identity" "jakub" { 204 email = "jakub@status.im" 205 } 206 207 resource "aws_ses_email_identity" "andy" { 208 email = "andy@status.im" 209 } 210 211 resource "aws_ses_email_identity" "dapps-staking" { 212 email = "dapps-staking@status.im" 213 } 214 215 resource "aws_ses_email_identity" "dapps-approvals" { 216 email = "dapps-approvals@status.im" 217 }