Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
- Ensure Terraform is installed
- Ensure the domain is registered in Route53
- Ensure an S3 bucket exists and SES has write permissions to it
- If you have an existing rule set you can skip creating the dependent resource
- The Route53 zone ID can be obtained by looking up the domain in the Route53 service
- Import the module called `ses_domain`, update its source property to `trussworks/ses-domain/aws`, and run `terraform init`
- The next step is to configure the module with minimum values for SES to start working
- Once fully configured, run `terraform plan` to see the execution plan and `terraform apply` to stand up SES
Creates the following resources:
- MX record pointing to AWS's SMTP endpoint
- TXT record for SPF validation
- Custom MAIL FROM domain
- CNAME records for DKIM verification
- SES verification for the domain
- SES is only available in us-east-1, us-west-2, and eu-west-1
- SES out of the box locks the service in development mode; please see this documentation on how to make it production ready. Until the service is in production mode you can only send emails to confirmed email accounts denoted in `from_addresses`.
Terraform 0.12. Pin module version to ~> 2.X. Submit pull-requests to master branch.
Terraform 0.11. Pin module version to ~> 1.0.2. Submit pull-requests to terraform011 branch.
See examples for functional examples on how to use this module.

```hcl
module "ses_domain" {
  source            = "trussworks/ses-domain/aws"
  domain_name       = "example.com"
  mail_from_domain  = "email.example.com"
  route53_zone_id   = data.aws_route53_zone.ses_domain.zone_id
  from_addresses    = ["email1@example.com", "email2@example.com"]
  dmarc_rua         = "something@example.com"
  receive_s3_bucket = "S3_bucket_with_write_permissions"
  receive_s3_prefix = "path_to_store_received_emails"
  ses_rule_set      = "name-of-the-ruleset"
}

# Rule set the module attaches its receipt rules to (skip if one already exists).
resource "aws_ses_receipt_rule_set" "name-of-the-ruleset" {
  rule_set_name = "name-of-the-ruleset"
}

# Looks up the hosted zone; the name must match the reference in route53_zone_id
# above exactly, because Terraform identifiers are case-sensitive.
data "aws_route53_zone" "ses_domain" {
  name = "example.com"
}
```

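
The prerequisites ask for an S3 bucket that SES can write to. One way to grant that write access while limiting it to receipt rules in your own AWS account is shown here as an added example; it is not part of the module or its README. The bucket name, the prefix value, and the resource labels (`ses_receive`, `current`) are assumptions made for illustration.

```hcl
# Added example, not module code. All names and values below are constructed.
locals {
  receive_bucket = "example-ses-inbound" # existing bucket, passed to the module as receive_s3_bucket
  receive_prefix = "inbound"             # passed to the module as receive_s3_prefix
}

# Account ID of the caller, used to pin the SES service principal to this account.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "ses_receive" {
  statement {
    sid     = "AllowSESPuts"
    effect  = "Allow"
    actions = ["s3:PutObject"]

    # Write-only, and only for keys that begin with the receive prefix.
    resources = ["arn:aws:s3:::${local.receive_bucket}/${local.receive_prefix}*"]

    principals {
      type        = "Service"
      identifiers = ["ses.amazonaws.com"]
    }

    # Without this condition, SES acting for any AWS account could write here
    # (confused deputy). aws:SourceAccount limits writes to rules in this account.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_s3_bucket_policy" "ses_receive" {
  bucket = local.receive_bucket
  policy = data.aws_iam_policy_document.ses_receive.json
}
```

The policy grants `s3:PutObject` only, so SES can deliver mail but cannot read or delete what is already stored.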
Name | Version |
---|---|
terraform | ~> 0.12.0 |
aws | ~> 2.70 |
Name | Version |
---|---|
aws | ~> 2.70 |
Name | Description | Type | Default | Required |
---|---|---|---|---|
dmarc_p | DMARC Policy for organizational domains (none, quarantine, reject). | string | "none" | no |
dmarc_rua | DMARC Reporting URI of aggregate reports, expects an email address. | string | n/a | yes |
domain_name | The domain name to configure SES. | string | n/a | yes |
enable_incoming_email | Control whether or not to handle incoming emails. | bool | true | no |
enable_spf_record | Control whether or not to set SPF records. | bool | true | no |
enable_verification | Control whether or not to verify SES DNS records. | bool | true | no |
extra_ses_records | Extra records to add to the _amazonses TXT record. | list(string) | [] | no |
from_addresses | List of email addresses to catch bounces and rejections. | list(string) | n/a | yes |
mail_from_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address. | string | n/a | yes |
receive_s3_bucket | Name of the S3 bucket to store received emails (required if enable_incoming_email is true). | string | "" | no |
receive_s3_prefix | The key prefix of the S3 bucket to store received emails (required if enable_incoming_email is true). | string | "" | no |
route53_zone_id | Route53 host zone ID to enable SES. | string | n/a | yes |
ses_rule_set | Name of the SES rule set to associate rules with. | string | n/a | yes |
Name | Description |
---|---|
ses_identity_arn | SES identity ARN. |
Install dependencies (macOS):

```shell
brew install pre-commit go terraform terraform-docs
```

Terratest is being used for automated testing with this module. Tests in the `test` folder can be run locally by running the following command:

```shell
make test
```

Or with aws-vault:

```shell
AWS_VAULT_KEYCHAIN_NAME=<NAME> aws-vault exec <PROFILE> -- make test
```