initial commit

modules/FrontendWebMobile/Ses/main.tf

@@ -0,0 +1,63 @@
+data "aws_caller_identity" "this" {}
+data "aws_region" "this" {}
+
+resource "aws_sesv2_email_identity" "this" {
+  for_each               = toset(var.emails)
+  email_identity         = each.value
+  configuration_set_name = aws_sesv2_configuration_set.this.configuration_set_name
+}
+
+resource "aws_sesv2_configuration_set" "this" {
+  configuration_set_name = "default-sesv2-configuration-set"
+
+  delivery_options {
+    tls_policy = var.require_tls ? "REQUIRE" : "OPTIONAL"
+  }
+
+  reputation_options {
+    reputation_metrics_enabled = var.reputation_metrics_enabled
+  }
+
+  sending_options {
+    sending_enabled = true
+  }
+}
+
+# The exact same policy can be created successfully on console!
+#resource "aws_sesv2_email_identity_policy" "this" {
+#  for_each       = aws_sesv2_email_identity.this
+#  email_identity = each.value.arn
+#  policy_name    = "default-policy"
+#  # policy         = data.aws_iam_policy_document.ses-policy[each.key].json
+#  policy = jsonencode({
+#    "Version" : "2012-10-17",
+#    "Statement" : [
+#      {
+#        "Sid" : "default",
+#        "Effect" : "Allow",
+#        "Principal" : {
+#          "AWS" : "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"
+#        },
+#        "Action" : [
+#          "ses:SendEmail",
+#          "ses:SendRawEmail"
+#        ],
+#        "Resource" : each.value.arn,
+#        "Condition" : {}
+#      }
+#    ]
+#  })
+#}
+
+#data "aws_iam_policy_document" "ses-policy" {
+#  for_each = aws_sesv2_email_identity.this
+#  statement {
+#    sid       = "default"
+#    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
+#    resources = [each.value.arn]
+#    principals {
+#      identifiers = [data.aws_caller_identity.this.account_id]
+#      type        = "AWS"
+#    }
+#  }
+#}