Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Enhancement]: Disable account level suppression list in configuration set for SESv2. #38207

Open
kazu23pole opened this issue Jul 1, 2024 · 6 comments
Assignees
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/sesv2 Issues and PRs that pertain to the sesv2 service.

Comments

@kazu23pole
Copy link

kazu23pole commented Jul 1, 2024

Description

I tried to disable the suppression lists that are enabled at the account level when sending from a specific email address, but I could not find such an option.
I tried putting an empty array or an empty character array in suppressed_reasons, but both resulted in an error.

╷
│ Error: Not enough list items
│ 
│   with aws_sesv2_configuration_set.ses_logging_nosuppression,
│   on log.tf line 172, in resource "aws_sesv2_configuration_set" "ses_logging_nosuppression":
│  172:     suppressed_reasons = []
│ 
│ Attribute suppression_options.0.suppressed_reasons requires 1 item minimum,
│ but config has only 0 declared.
╵
╷
│ Error: expected suppressed_reasons to be one of ["BOUNCE" "COMPLAINT"], got 
│ 
│   with aws_sesv2_configuration_set.ses_logging_nosuppression,
│   on log.tf line 172, in resource "aws_sesv2_configuration_set" "ses_logging_nosuppression":
│  172:     suppressed_reasons = [""]
│ 
╵

Affected Resource(s) and/or Data Source(s)

  • aws_sesv2_configuration_set

Potential Terraform Configuration

resource "aws_sesv2_configuration_set" "example" {
・・・
  suppression_options {
    suppressed_reasons = []
  }
・・・
}

References

Would you like to implement a fix?

None

@kazu23pole kazu23pole added the enhancement Requests to existing resources that expand the functionality or scope. label Jul 1, 2024
Copy link

github-actions bot commented Jul 1, 2024

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/sesv2 Issues and PRs that pertain to the sesv2 service. label Jul 1, 2024
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Jul 1, 2024
@kazu23pole kazu23pole changed the title [Enhancement]: Disable account level suppression list for SESv2. [Enhancement]: Disable account level suppression list in configuration set for SESv2. Jul 1, 2024
@justinretzolk justinretzolk removed the needs-triage Waiting for first response or review from a maintainer. label Jul 2, 2024
@acwwat
Copy link
Contributor

acwwat commented Jul 21, 2024

This probably requires a new Terraform resource, since account-level suppression list is a separate entity from configuration sets.

Perhaps we need an aws_sesv2_account resource that captures all account-level settings, and then use the attribute-specific put functions (such as PutAccountSuppressionAttributes on "create" and update.

However, there is already a precedence with VDM implemented as a separate Terraform resource, so i am not sure what the best option would be.

@kamilturek kamilturek self-assigned this Aug 6, 2024
@nick-durcholz-vectorsolutions
Copy link

nick-durcholz-vectorsolutions commented Aug 8, 2024

I don't think this needs a new resource because according to https://docs.aws.amazon.com/ses/latest/dg/sending-email-suppression-list-config-level.html you should be able to disable using the account suppression list for a specific configuration set.

I was confused by awscli because it has the following behavior:

> aws sesv2 create-configuration-set --configuration-set-name nickd-test --suppression-options SuppressedReasons=

An error occurred (BadRequestException) when calling the CreateConfigurationSet operation: 1 validation error detected: Value at 'suppressionOptions.suppressedReasons' failed to satisfy constraint: Member must satisfy constraint: [Member must satisfy enum value set: [BOUNCE, COMPLAINT]]

However, boto3 allows you to create a suppression list with empty suppression options:

>>> import boto3
>>> client=boto3.client('sesv2')
>>> client.create_configuration_set(ConfigurationSetName="nickd-test", SuppressionOptions={"SuppressedReasons":[]})
{'ResponseMetadata': {'RequestId': '...', 'HTTPStatusCode': 200, 'HTTPHeaders': ...}

When I look at the details page of the configuration set created by boto3 in the SES console, it says that the suppression list is disabled for this configuration set.

Based on this, I would expect the terraform resource to accept an empty list for the suppressed_reasons and that would disable use of the account suppression list for the created configuration set.

@mattmauriello
Copy link

@nick-durcholz-vectorsolutions ,
I was able to set it via the CLI, but it was a non-obvious approach:

aws sesv2 put-configuration-set-suppression-options --configuration-set-name CONFIGSET_TEST --profile aws-dev --cli-input-json '{"SuppressedReasons": []}'

In short, you need to use the "cli-input" field so you cna pass in an empty list similar to the boto3 command

@nick-durcholz-vectorsolutions

We may use the following work around until this is resolved

resource "aws_sesv2_configuration_set" "this" {
  configuration_set_name = local.config_set_name
}

resource "null_resource" "sesv2_suppression_options" {
  provisioner "local-exec" {
    command = "aws sesv2 put-configuration-set-suppression-options --configuration-set-name \"${aws_sesv2_configuration_set.this.configuration_set_name}\" --cli-input-json '{\"SuppressedReasons\": []}'"
  }
  # run this command every time the module is applied
  triggers = {
    always_run = "${timestamp()}"
  }
}

@nightpool
Copy link

Seems like this is fixed as of #29671

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/sesv2 Issues and PRs that pertain to the sesv2 service.
Projects
None yet
Development

No branches or pull requests

7 participants