initial commit

modules/FrontendWebMobile/Ses/README.md

@@ -0,0 +1,42 @@
+<!-- This readme file is generated with terraform-docs -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 1.3.0 |
+| aws | >= 5.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 5.0 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_sesv2_configuration_set.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_configuration_set) | resource |
+| [aws_sesv2_email_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity) | resource |
+| [aws_sesv2_email_identity_policy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity_policy) | resource |
+| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
+| [aws_iam_policy_document.ses-policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| emails | Email addresses to be added to SES | `list(string)` | n/a | yes |
+| reputation\_metrics\_enabled | Enable reputation metrics | `bool` | `true` | no |
+
+## Outputs
+
+No outputs.
+ 
+---
+## Authorship
+This module was developed by UPDATE_THIS.

modules/FrontendWebMobile/Ses/main.tf

@@ -0,0 +1,63 @@
+data "aws_caller_identity" "this" {}
+data "aws_region" "this" {}
+
+resource "aws_sesv2_email_identity" "this" {
+  for_each               = toset(var.emails)
+  email_identity         = each.value
+  configuration_set_name = aws_sesv2_configuration_set.this.configuration_set_name
+}
+
+resource "aws_sesv2_configuration_set" "this" {
+  configuration_set_name = "default-sesv2-configuration-set"
+
+  delivery_options {
+    tls_policy = var.require_tls ? "REQUIRE" : "OPTIONAL"
+  }
+
+  reputation_options {
+    reputation_metrics_enabled = var.reputation_metrics_enabled
+  }
+
+  sending_options {
+    sending_enabled = true
+  }
+}
+
+# The exact same policy can be created successfully on console!
+#resource "aws_sesv2_email_identity_policy" "this" {
+#  for_each       = aws_sesv2_email_identity.this
+#  email_identity = each.value.arn
+#  policy_name    = "default-policy"
+#  # policy         = data.aws_iam_policy_document.ses-policy[each.key].json
+#  policy = jsonencode({
+#    "Version" : "2012-10-17",
+#    "Statement" : [
+#      {
+#        "Sid" : "default",
+#        "Effect" : "Allow",
+#        "Principal" : {
+#          "AWS" : "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"
+#        },
+#        "Action" : [
+#          "ses:SendEmail",
+#          "ses:SendRawEmail"
+#        ],
+#        "Resource" : each.value.arn,
+#        "Condition" : {}
+#      }
+#    ]
+#  })
+#}
+
+#data "aws_iam_policy_document" "ses-policy" {
+#  for_each = aws_sesv2_email_identity.this
+#  statement {
+#    sid       = "default"
+#    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
+#    resources = [each.value.arn]
+#    principals {
+#      identifiers = [data.aws_caller_identity.this.account_id]
+#      type        = "AWS"
+#    }
+#  }
+#}

modules/FrontendWebMobile/Ses/variables.tf

@@ -0,0 +1,16 @@
+variable "emails" {
+  type        = list(string)
+  description = "Email addresses to be added to SES"
+}
+
+variable "reputation_metrics_enabled" {
+  type        = bool
+  description = "Enable reputation metrics"
+  default     = true
+}
+
+variable "require_tls" {
+  type        = bool
+  description = "Require TLS delivery option"
+  default     = true
+}

modules/FrontendWebMobile/Ses/versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.0, < 5.39"
+    }
+  }
+}