diff --git a/aws/resource_aws_ses_configuration_set.go b/aws/resource_aws_ses_configuration_set.go index 383190d6e2a..572d6da69a1 100644 --- a/aws/resource_aws_ses_configuration_set.go +++ b/aws/resource_aws_ses_configuration_set.go @@ -33,7 +33,8 @@ func resourceAwsSesConfigurationSet() *schema.Resource { Schema: map[string]*schema.Schema{ "tls_policy": { Type: schema.TypeString, - Required: true, + Optional: true, + Default: ses.TlsPolicyOptional, ValidateFunc: validation.StringInSlice([]string{ ses.TlsPolicyRequire, ses.TlsPolicyOptional, @@ -116,9 +117,11 @@ func resourceAwsSesConfigurationSetRead(d *schema.ResourceData, meta interface{} tlsPolicy := map[string]interface{}{ "tls_policy": response.DeliveryOptions.TlsPolicy, } - deliveryOptions = append(deliveryOptions, tlsPolicy) - d.Set("delivery_options", deliveryOptions) + + if err := d.Set("delivery_options", deliveryOptions); err != nil { + return fmt.Errorf("Error setting delivery_options for SES configuration set %s: %s", d.Id(), err) + } } d.Set("name", aws.StringValue(response.ConfigurationSet.Name)) diff --git a/website/docs/r/ses_configuration_set.markdown b/website/docs/r/ses_configuration_set.markdown index 98b2c0beef2..f3b9be2b26f 100644 --- a/website/docs/r/ses_configuration_set.markdown +++ b/website/docs/r/ses_configuration_set.markdown @@ -18,12 +18,28 @@ resource "aws_ses_configuration_set" "test" { } ``` +### Require TLS Connections + +```hcl +resource "aws_ses_configuration_set" "test" { + name = "some-configuration-set-test" + + delivery_options { + tls_policy = "Require" + } +} +``` + ## Argument Reference The following arguments are supported: * `name` - (Required) The name of the configuration set +Delivery Options (`delivery_options`) support the following: + +* `tls_policy` - (Optional) Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). Valid values: `Require` and `Optional`. If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Defaults to `Optional`. + ## Import SES Configuration Sets can be imported using their `name`, e.g.