Merge pull request #136 from TimurSaikaliev/feature/migration_to_sesv…

…2_res add sesv2 resources
trussworks · Mar 21, 2023 · 1baaf95 · 1baaf95
2 parents eb1dac7 + 14441a5
commit 1baaf95
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 42 deletions.
diff --git a/README.md b/README.md
@@ -84,14 +84,12 @@ No modules.
 | [aws_route53_record.dkim](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.mx_receive](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.mx_send_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_record.ses_verification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.spf_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.txt_dmarc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_ses_domain_dkim.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_dkim) | resource |
-| [aws_ses_domain_identity.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity) | resource |
-| [aws_ses_domain_identity_verification.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity_verification) | resource |
-| [aws_ses_domain_mail_from.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_mail_from) | resource |
 | [aws_ses_receipt_rule.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_receipt_rule) | resource |
+| [aws_sesv2_email_identity.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity) | resource |
+| [aws_sesv2_email_identity_mail_from_attributes.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sesv2_email_identity_mail_from_attributes) | resource |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs
@@ -104,7 +102,6 @@ No modules.
 | enable\_dmarc | Control whether to create DMARC TXT record. | `bool` | `true` | no |
 | enable\_incoming\_email | Control whether or not to handle incoming emails. | `bool` | `true` | no |
 | enable\_spf\_record | Control whether or not to set SPF records. | `bool` | `true` | no |
-| enable\_verification | Control whether or not to verify SES DNS records. | `bool` | `true` | no |
 | extra\_ses\_records | Extra records to add to the \_amazonses TXT record. | `list(string)` | `[]` | no |
 | from\_addresses | List of email addresses to catch bounces and rejections. | `list(string)` | `null` | no |
 | mail\_from\_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | `string` | n/a | yes |
@@ -119,7 +116,6 @@ No modules.
 | Name | Description |
 |------|-------------|
 | ses\_identity\_arn | SES identity ARN. |
-| ses\_verification\_token | A code which when added to the domain as a TXT record will signal to SES that the owner of the domain has authorised SES to act on their behalf. |
 <!-- END_TF_DOCS -->
 
 ## Developer Setup

diff --git a/main.tf b/main.tf
@@ -11,33 +11,16 @@ locals {
 # SES Domain Verification
 #
 
-resource "aws_ses_domain_identity" "main" {
-  domain = local.stripped_domain_name
-}
-
-resource "aws_ses_domain_identity_verification" "main" {
-  count = var.enable_verification ? 1 : 0
-
-  domain = aws_ses_domain_identity.main.id
-
-  depends_on = [aws_route53_record.ses_verification]
-}
-
-resource "aws_route53_record" "ses_verification" {
-  count   = var.enable_verification ? 1 : 0
-  zone_id = var.route53_zone_id
-  name    = "_amazonses.${aws_ses_domain_identity.main.id}"
-  type    = "TXT"
-  ttl     = "600"
-  records = concat([aws_ses_domain_identity.main.verification_token], var.extra_ses_records)
+resource "aws_sesv2_email_identity" "main" {
+  email_identity = local.stripped_domain_name
 }
 
 #
 # SES DKIM Verification
 #
 
 resource "aws_ses_domain_dkim" "main" {
-  domain = aws_ses_domain_identity.main.domain
+  domain = aws_sesv2_email_identity.main.email_identity
 }
 
 resource "aws_route53_record" "dkim" {
@@ -58,8 +41,8 @@ resource "aws_route53_record" "dkim" {
 # SES MAIL FROM Domain
 #
 
-resource "aws_ses_domain_mail_from" "main" {
-  domain           = aws_ses_domain_identity.main.domain
+resource "aws_sesv2_email_identity_mail_from_attributes" "main" {
+  email_identity   = aws_sesv2_email_identity.main.email_identity
   mail_from_domain = local.stripped_mail_from_domain
 }
 
@@ -68,7 +51,7 @@ resource "aws_route53_record" "spf_mail_from" {
   count = var.enable_spf_record ? 1 : 0
 
   zone_id = var.route53_zone_id
-  name    = aws_ses_domain_mail_from.main.mail_from_domain
+  name    = aws_sesv2_email_identity_mail_from_attributes.main.mail_from_domain
   type    = "TXT"
   ttl     = "600"
   records = ["v=spf1 include:amazonses.com -all"]
@@ -80,7 +63,7 @@ data "aws_region" "current" {
 
 resource "aws_route53_record" "mx_send_mail_from" {
   zone_id = var.route53_zone_id
-  name    = aws_ses_domain_mail_from.main.mail_from_domain
+  name    = aws_sesv2_email_identity_mail_from_attributes.main.mail_from_domain
   type    = "MX"
   ttl     = "600"
   records = ["10 feedback-smtp.${data.aws_region.current.name}.amazonses.com"]

diff --git a/outputs.tf b/outputs.tf
@@ -1,9 +1,4 @@
 output "ses_identity_arn" {
   description = "SES identity ARN."
-  value       = aws_ses_domain_identity.main.arn
-}
-
-output "ses_verification_token" {
-  description = "A code which when added to the domain as a TXT record will signal to SES that the owner of the domain has authorised SES to act on their behalf."
-  value       = aws_ses_domain_identity.main.verification_token
+  value       = aws_sesv2_email_identity.main.arn
 }
diff --git a/variables.tf b/variables.tf
@@ -14,12 +14,6 @@ variable "domain_name" {
   type        = string
 }
 
-variable "enable_verification" {
-  description = "Control whether or not to verify SES DNS records."
-  type        = bool
-  default     = true
-}
-
 variable "enable_dmarc" {
   description = "Control whether to create DMARC TXT record."
   type        = bool