Moved ccms-ebs member infrastructure from mp repo

ministryofjustice · Jan 30, 2024 · ebb11d2 · ebb11d2
1 parent 0032fd1
commit ebb11d2
Showing 1 changed file with 35 additions and 0 deletions.
diff --git a/terraform/environments/ccms-ebs/ccms-iam.tf b/terraform/environments/ccms-ebs/ccms-iam.tf
@@ -244,3 +244,38 @@ resource "aws_iam_role_policy_attachment" "access_to_lz_buckets_policy" {
   role       = aws_iam_role.role_stsassume_oracle_base.name
   policy_arn = aws_iam_policy.access_to_lz_buckets.arn
 }
+
+#Moved member infrastructure IAM resources from MP repo
+
+#tfsec:ignore:aws-iam-no-user-attached-policies
+resource "aws_iam_user" "email" {
+  #checkov:skip=CKV_AWS_273: "Skipping as tfsec check is also set to ignore"
+  name = format("%s-%s-email_user", local.application_name, local.environment)
+  tags = merge(local.tags,
+    { Name = format("%s-%s-email_user", local.application_name, local.environment) }
+  )
+}
+
+resource "aws_iam_access_key" "email" {
+  user = aws_iam_user.email.name
+}
+
+#tfsec:ignore:aws-iam-no-policy-wildcards
+resource "aws_iam_user_policy" "email_policy" {
+  name   = "AmazonSesSendingAccess"
+  user   = aws_iam_user.email.name
+  policy = data.aws_iam_policy_document.email.json
+}
+
+# Following AWS recommended policy
+#tfsec:ignore:aws-iam-no-policy-wildcards
+data "aws_iam_policy_document" "email" {
+  #checkov:skip=CKV_AWS_111
+  #checkov:skip=CKV_AWS_356: Policy follows AWS guidance
+  statement {
+    actions = [
+      "ses:SendRawEmail"
+    ]
+    resources = ["*"]
+  }
+}