Skip to content

Commit

Permalink
Let SES encrypt received emails at rest
Browse files Browse the repository at this point in the history
  • Loading branch information
limitusus committed Feb 18, 2021
1 parent 2eddabd commit ccedc4a
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 1 deletion.
18 changes: 17 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,22 @@ data "aws_route53_zone" "SES_domain" {
|------|---------|
| aws | >= 3.0 |

## Modules

No Modules.

## Resources

| Name |
|------|
| [aws_region](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/data-sources/region) |
| [aws_route53_record](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/route53_record) |
| [aws_ses_domain_dkim](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_dkim) |
| [aws_ses_domain_identity](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_identity) |
| [aws_ses_domain_identity_verification](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_identity_verification) |
| [aws_ses_domain_mail_from](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_domain_mail_from) |
| [aws_ses_receipt_rule](https://registry.terraform.io/providers/hashicorp/aws/3.0/docs/resources/ses_receipt_rule) |

## Inputs

| Name | Description | Type | Default | Required |
Expand All @@ -87,6 +103,7 @@ data "aws_route53_zone" "SES_domain" {
| from\_addresses | List of email addresses to catch bounces and rejections. | `list(string)` | n/a | yes |
| mail\_from\_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | `string` | n/a | yes |
| receive\_s3\_bucket | Name of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
| receive\_s3\_kms\_key\_arn | The ARN of the KMS key for S3 objects of received emails (effective if enable\_incoming\_email is true). | `string` | `null` | no |
| receive\_s3\_prefix | The key prefix of the S3 bucket to store received emails (required if enable\_incoming\_email is true). | `string` | `""` | no |
| route53\_zone\_id | Route53 host zone ID to enable SES. | `string` | n/a | yes |
| ses\_rule\_set | Name of the SES rule set to associate rules with. | `string` | n/a | yes |
Expand All @@ -97,7 +114,6 @@ data "aws_route53_zone" "SES_domain" {
|------|-------------|
| ses\_identity\_arn | SES identity ARN. |
| ses\_verification\_token | A code which when added to the domain as a TXT record will signal to SES that the owner of the domain has authorised SES to act on their behalf. |

<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

## Developer Setup
Expand Down
1 change: 1 addition & 0 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@ resource "aws_ses_receipt_rule" "main" {

bucket_name = var.receive_s3_bucket
object_key_prefix = var.receive_s3_prefix
kms_key_arn = var.receive_s3_kms_key_arn
}
}

6 changes: 6 additions & 0 deletions variables.tf
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,12 @@ variable "receive_s3_prefix" {
default = ""
}

variable "receive_s3_kms_key_arn" {
description = "The ARN of the KMS key for S3 objects of received emails (effective if enable_incoming_email is true)."
type = string
default = null
}

variable "route53_zone_id" {
description = "Route53 host zone ID to enable SES."
type = string
Expand Down

0 comments on commit ccedc4a

Please sign in to comment.