From ccedc4a492034e9eee857b6a08d90d44f2fce1f2 Mon Sep 17 00:00:00 2001
From: Tomoya Kabe
Date: Thu, 18 Feb 2021 15:55:26 +0900
Subject: [PATCH] Let SES encrypt received emails at rest
---
 README.md | 18 +++++++++++++++++-
 main.tf | 1 +
 variables.tf | 6 ++++++
 3 files changed, 24 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 932a9f1..bc94175 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,22 @@ data "aws_route53_zone" "SES_domain" {
 |------|---------|
 | aws | >= 3.0 |
+## Modules
+
+No Modules.
+
+## Resources
+
+| Name |
+|------|
+| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/data-sources/region) |
+| [aws_route53_record](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/route53_record) |
+| [aws_ses_domain_dkim](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_dkim) |
+| [aws_ses_domain_identity](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_identity) |
+| [aws_ses_domain_identity_verification](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_identity_verification) |
+| [aws_ses_domain_mail_from](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_mail_from) |
+| [aws_ses_receipt_rule](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_receipt_rule) |
+
 ## Inputs
 | Name | Description | Type | Default | Required |
@@ -87,6 +103,7 @@ data "aws_route53_zone" "SES_domain" {
 | from\_addresses | List of email addresses to catch bounces and rejections. | `list(string)` | n/a | yes |
 | mail\_from\_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | `string` | n/a | yes |
 | receive\_s3\_bucket | Name of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
+| receive\_s3\_kms\_key\_arn | The ARN of the KMS key for S3 objects of received emails (effective if enable\_incoming\_email is true). | `string` | `null` | no |
 | receive\_s3\_prefix | The key prefix of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
 | route53\_zone\_id | Route53 host zone ID to enable SES. | `string` | n/a | yes |
 | ses\_rule\_set | Name of the SES rule set to associate rules with. | `string` | n/a | yes |
@@ -97,7 +114,6 @@ data "aws_route53_zone" "SES_domain" {
 |------|-------------|
 | ses\_identity\_arn | SES identity ARN. |
 | ses\_verification\_token | A code which when added to the domain as a TXT record will signal to SES that the owner of the domain has authorised SES to act on their behalf. |
-
 ## Developer Setup
diff --git a/main.tf b/main.tf
index a456350..ac5db46 100644
--- a/main.tf
+++ b/main.tf
@@ -136,6 +136,7 @@ resource "aws_ses_receipt_rule" "main" {
 bucket_name = var.receive_s3_bucket
 object_key_prefix = var.receive_s3_prefix
+ kms_key_arn = var.receive_s3_kms_key_arn
 }
 }
diff --git a/variables.tf b/variables.tf
index 0e374d6..1d85008 100644
--- a/variables.tf
+++ b/variables.tf
@@ -42,6 +42,12 @@ variable "receive_s3_prefix" {
 default = ""
 }
+variable "receive_s3_kms_key_arn" {
+ description = "The ARN of the KMS key for S3 objects of received emails (effective if enable_incoming_email is true)."
+ type = string
+ default = null
+}
+
 variable "route53_zone_id" {
 description = "Route53 host zone ID to enable SES."
 type = string
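Review bot: With `receive_s3_kms_key_arn` left at its default `null`, the `kms_key_arn` line added to the `s3_action` block in main.tf stores received messages without any SES-side encryption, so the behaviour the subject line promises only happens when a caller opts in; per the SES S3-action documentation, omitting the key means SES does not encrypt the object (bucket-level default SSE, if configured, is a separate matter). When a custom key is supplied, the same documentation requires its key policy to let the SES service principal use it, otherwise delivery to the bucket fails, and because SES applies client-side envelope encryption the consumer of the bucket needs decrypt access to the key plus a KMS-aware S3 encryption client to recover the raw message. A short comment on the new line would save the next reader a trip to the docs: `# null = SES writes the message unencrypted; a custom key must grant ses.amazonaws.com kms:Encrypt and kms:GenerateDataKey*, and readers need a KMS-aware S3 encryption client`. The enclosing `aws_ses_receipt_rule` resource begins before this hunk.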
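Review bot: The description of the new `receive_s3_kms_key_arn` variable in variables.tf says when the key takes effect but not what `null` means nor what the key must satisfy, which is exactly what someone wiring this module needs before the first delivery attempt fails. I would extend it to something like `The ARN of a KMS key SES uses to encrypt received emails before writing them to S3 (effective if enable_incoming_email is true). When null, SES stores the messages unencrypted. The key policy must allow the SES service principal to use the key.` and regenerate the matching README row. If the module's required Terraform version already supports variable `validation` blocks, a check that a non-null value starts with `arn:` would surface a typo at plan time instead of as a failed receipt rule; no versions.tf is visible in this patch, so that is conditional.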