From 1367b46c1484b3ca38eda8f66965cd7bb9c54531 Mon Sep 17 00:00:00 2001 From: Bayron Carranza Date: Tue, 16 Jan 2024 13:38:42 -0600 Subject: [PATCH] AWS SES DKIM (#445) --- terraform-modules/aws/ses/dkim/README.md | 45 +++++++++++++++++++++ terraform-modules/aws/ses/dkim/main.tf | 6 +++ terraform-modules/aws/ses/dkim/outputs.tf | 4 ++ terraform-modules/aws/ses/dkim/variables.tf | 4 ++ 4 files changed, 59 insertions(+) create mode 100644 terraform-modules/aws/ses/dkim/README.md create mode 100644 terraform-modules/aws/ses/dkim/main.tf create mode 100644 terraform-modules/aws/ses/dkim/outputs.tf create mode 100644 terraform-modules/aws/ses/dkim/variables.tf diff --git a/terraform-modules/aws/ses/dkim/README.md b/terraform-modules/aws/ses/dkim/README.md new file mode 100644 index 000000000..fb46b3e57 --- /dev/null +++ b/terraform-modules/aws/ses/dkim/README.md @@ -0,0 +1,45 @@ +# What is DKIM +Docs: https://docs.aws.amazon.com/ses/latest/dg/send-email-authentication-dkim.html +DomainKeys Identified Mail (DKIM) is an email security standard designed to make sure that an email that claims to have come from a specific domain was indeed authorized by the owner of that domain. It uses public-key cryptography to sign an email with a private key. Recipient servers can then use a public key published to a domain's DNS to verify that parts of the email have not been modified during the transit. + + +This terraform is configuring an Easy DKIM: SES generates a public-private key pair and automatically adds a DKIM signature to every message that you send from that identity, see Easy DKIM in Amazon SES. + +The CNAMEs records outcomes of this terraform can be set up in DNS Managment like cloudflare, namecheap, so on. + +references: +- https://www.youtube.com/watch?v=C7rRSaP6fdA&t=216s + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_ses_domain_dkim.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_dkim) | resource | +| [aws_ses_domain_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [domain](#input\_domain) | Verified domain name to generate DKIM tokens for | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [dkim\_tokens](#output\_dkim\_tokens) | DKIM tokens generated by SES. | diff --git a/terraform-modules/aws/ses/dkim/main.tf b/terraform-modules/aws/ses/dkim/main.tf new file mode 100644 index 000000000..eb6686e1c --- /dev/null +++ b/terraform-modules/aws/ses/dkim/main.tf @@ -0,0 +1,6 @@ +resource "aws_ses_domain_identity" "this" { + domain = var.domain +} +resource "aws_ses_domain_dkim" "this" { + domain = aws_ses_domain_identity.this.domain +} \ No newline at end of file diff --git a/terraform-modules/aws/ses/dkim/outputs.tf b/terraform-modules/aws/ses/dkim/outputs.tf new file mode 100644 index 000000000..eaba0e661 --- /dev/null +++ b/terraform-modules/aws/ses/dkim/outputs.tf @@ -0,0 +1,4 @@ +output "dkim_tokens" { + description = "DKIM tokens generated by SES." + value = aws_ses_domain_dkim.this.dkim_tokens +} \ No newline at end of file diff --git a/terraform-modules/aws/ses/dkim/variables.tf b/terraform-modules/aws/ses/dkim/variables.tf new file mode 100644 index 000000000..3e45e51d2 --- /dev/null +++ b/terraform-modules/aws/ses/dkim/variables.tf @@ -0,0 +1,4 @@ +variable "domain" { + description = "Verified domain name to generate DKIM tokens for" +} +