diff --git a/main.tf b/main.tf
index 3d03ebd..23de783 100644
--- a/main.tf
+++ b/main.tf
@@ -47,7 +47,7 @@ data "aws_iam_policy_document" "server_assetstore" { } module "smtp" { - source = "./modules/smtp" + source = "girder/girder4/heroku//modules/smtp" project_slug = var.project_slug route53_zone_id = var.route53_zone_id
diff --git a/modules/smtp/main.tf b/modules/smtp/main.tf
deleted file mode 100644
index ab2a9d3..0000000
--- a/modules/smtp/main.tf
+++ /dev/null
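Review bot: The new `source = "girder/girder4/heroku//modules/smtp"` is a registry address, and no `version` argument is visible next to it in this hunk; the `module "smtp"` block continues past the hunk, so confirm whether one is set further down. Without a constraint, `terraform init` resolves the newest published release, so the code that creates the SES identity, the IAM user, its access key and its policy can change without any commit in this repository. The dependency lock file records providers only, not modules, so it does not cover this. I would add `version = "<PINNED_VERSION>"` directly under `source`. It is also worth checking that the pinned release keeps the policy as narrow as the removed local module did (`ses:SendRawEmail` on the domain identity ARN only).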
@@ -1,55 +0,0 @@
-resource "aws_ses_domain_identity" "smtp" {
- domain = var.fqdn
-}
-
-resource "aws_route53_record" "smtp_verification" {
- zone_id = var.route53_zone_id
- name = "_amazonses.${var.fqdn}"
- type = "TXT"
- ttl = "1800"
- records = [aws_ses_domain_identity.smtp.verification_token]
-}
-
-resource "aws_ses_domain_identity_verification" "smtp_verification" {
- domain = aws_ses_domain_identity.smtp.id
- depends_on = [aws_route53_record.smtp_verification]
-}
-
-resource "aws_ses_domain_dkim" "smtp" {
- domain = aws_ses_domain_identity.smtp.domain
-}
-
-resource "aws_route53_record" "smtp_dkim" {
- count = 3
- zone_id = var.route53_zone_id
- name = "${element(aws_ses_domain_dkim.smtp.dkim_tokens, count.index)}._domainkey.${var.fqdn}"
- type = "CNAME"
- ttl = "1800"
- records = ["${element(aws_ses_domain_dkim.smtp.dkim_tokens, count.index)}.dkim.amazonses.com"]
-}
-
-# TODO: setup bounce notification to SNS
-# https://www.terraform.io/docs/providers/aws/r/ses_identity_notification_topic.html
-
-resource "aws_iam_user" "smtp" {
- name = "${var.project_slug}-smtp"
-}
-
-# https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
-resource "aws_iam_access_key" "smtp" {
- user = aws_iam_user.smtp.name
-}
-
-resource "aws_iam_user_policy" "smtp" {
- user = aws_iam_user.smtp.id
- name = "${var.project_slug}-smtp"
- policy = data.aws_iam_policy_document.smtp.json
-}
-
-data "aws_iam_policy_document" "smtp" {
- statement {
- # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html
- resources = [aws_ses_domain_identity.smtp.arn]
- actions = ["ses:SendRawEmail"]
- }
-}
diff --git a/modules/smtp/outputs.tf b/modules/smtp/outputs.tf
deleted file mode 100644
index d855e94..0000000
--- a/modules/smtp/outputs.tf
+++ /dev/null
@@ -1,24 +0,0 @@
-data "aws_region" "current" {}
-
-output "host" {
- # https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-connect.html
- # SES is only available in limited regions, but provisioning should fail for other regions
- value = "email-smtp.${data.aws_region.current.name}.amazonaws.com"
- description = "The hostname for the outgoing SMTP server."
-}
-
-output "port" {
- value = 587
- description = "The port for the outgoing SMTP server."
-}
-
-output "username" {
- value = aws_iam_access_key.smtp.id
- description = "The username for the outgoing SMTP server."
-}
-
-output "password" {
- value = aws_iam_access_key.smtp.ses_smtp_password_v4
- sensitive = true
- description = "The password for the outgoing SMTP server."
-}
diff --git a/modules/smtp/variables.tf b/modules/smtp/variables.tf
deleted file mode 100644
index 1b75897..0000000
--- a/modules/smtp/variables.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-variable "project_slug" {
- type = string
- nullable = true
- description = "A slugified name, used to label AWS resources."
-}
-
-variable "route53_zone_id" {
- type = string
- nullable = true
- description = "The Route 53 zone ID to create new DNS records within."
-}
-
-variable "fqdn" {
- type = string
- nullable = true
- description = "The fully-qualified domain name for outgoing emails."
-}
diff --git a/modules/smtp/versions.tf b/modules/smtp/versions.tf
deleted file mode 100644
index 1182721..0000000
--- a/modules/smtp/versions.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-terraform {
- required_version = ">= 1.1"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- }
- }
-}