Configures a domain hosted on Route53 to work with AWS Simple Email Service (SES).
- Ensure terraform is installed
- Ensure domain is registered in route53
- Ensure an s3 bucket exists and SES has write permissions to it
- If you have an existing rule set you can skip creating the dependent resource
- Route53 zone id can be obtained by looking up the domain in route53 service
- Import the module called
ses_domainand update its source property totrussworks/ses-domain/awsand runterrafrom init - The next step is to configure the module with minimum values for SES to start working
- Once fully configured run
terraform planto see the execution plan andterrafrom applyto stand up SES
Creates the following resources:
- MX record pointing to AWS's SMTP endpoint
- TXT record for SPF validation
- Custom MAIL FROM domain
- CNAME records for DKIM verification
- SES Verfication for the domain
- SES is only available in a limited number of AWS Regions.
- SES out of the box locks the service in development mode; please see this documentation on how to make it production ready. Until the service is in production mode you can only send emails to confirmed email accounts denoted in
from_addresses
See examples for functional examples on how to use this module.
module "ses_domain" {
source = "trussworks/ses-domain/aws"
domain_name = "example.com"
mail_from_domain = "email.example.com"
route53_zone_id = data.aws_route53_zone.ses_domain.zone_id
from_addresses = ["[email protected]", "[email protected]"]
dmarc_rua = "[email protected]"
receive_s3_bucket = "S3_bucket_with_write_permissions"
receive_s3_prefix = "path_to_store_received_emails"
ses_rule_set = "name-of-the-ruleset"
}
resource "aws_ses_receipt_rule_set" "name-of-the-ruleset" {
rule_set_name = "name-of-the-ruleset"
}
data "aws_route53_zone" "ses_domain" {
name = "example.com"
}| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 3.0 |
| Name | Version |
|---|---|
| aws | >= 3.0 |
No modules.
| Name | Type |
|---|---|
| aws_route53_record.dkim | resource |
| aws_route53_record.mx_receive | resource |
| aws_route53_record.mx_send_mail_from | resource |
| aws_route53_record.spf_mail_from | resource |
| aws_route53_record.txt_dmarc | resource |
| aws_ses_receipt_rule.main | resource |
| aws_sesv2_email_identity.main | resource |
| aws_sesv2_email_identity_mail_from_attributes.main | resource |
| aws_region.current | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| dmarc_p | DMARC Policy for organizational domains (none, quarantine, reject). | string |
"none" |
no |
| dmarc_rua | DMARC Reporting URI of aggregate reports, expects an email address. | string |
n/a | yes |
| domain_name | The domain name to configure SES. | string |
n/a | yes |
| enable_dmarc | Control whether to create DMARC TXT record. | bool |
true |
no |
| enable_incoming_email | Control whether or not to handle incoming emails. | bool |
true |
no |
| enable_spf_record | Control whether or not to set SPF records. | bool |
true |
no |
| from_addresses | List of email addresses to catch bounces and rejections. | list(string) |
null |
no |
| mail_from_domain | Subdomain (of the route53 zone) which is to be used as MAIL FROM address | string |
n/a | yes |
| receive_s3_bucket | Name of the S3 bucket to store received emails (required if enable_incoming_email is true). | string |
"" |
no |
| receive_s3_kms_key_arn | The ARN of the KMS key for S3 objects of received emails (effective if enable_incoming_email is true). | string |
null |
no |
| receive_s3_prefix | The key prefix of the S3 bucket to store received emails (required if enable_incoming_email is true). | string |
"" |
no |
| route53_zone_id | Route53 host zone ID to enable SES. | string |
n/a | yes |
| ses_rule_set | Name of the SES rule set to associate rules with. | string |
n/a | yes |
| Name | Description |
|---|---|
| ses_identity_arn | SES identity ARN. |
Install dependencies (macOS)
brew install pre-commit go terraform terraform-docs