[FIX] PRMDR-599: Add auto-verification and enable test environment (#135

)

* add verification

* update dkim record

* revert domain prefix in dkim record

* add domain prefix

* remove custom mailing

* re-enable flags

infrastructure/README.md

@@ -8,7 +8,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.16.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.12.0 |
 
 ## Modules
 

infrastructure/lambda-send-feedback.tf

@@ -1,3 +1,15 @@
+locals {
+  ses_feedback_sender_email_address = (
+    local.is_production ? "feedback@${var.certificate_domain}" :
+    local.is_sandbox ? "feedback@ndr-dev.${var.domain}" :
+    "feedback@${terraform.workspace}.${var.domain}"
+  )
+  feedback_recipient_list_ssm_param_key = (local.is_sandbox
+    ? "/prs/dev/user-input/feedback-recipient-email-list"
+    : "/prs/${var.environment}/user-input/feedback-recipient-email-list"
+  )
+}
+
 module "send-feedback-gateway" {
   # Gateway Variables
   source              = "./modules/gateway"
@@ -20,7 +32,6 @@ module "send-feedback-gateway" {
   ]
 }
 
-
 module "send-feedback-alarm" {
   source               = "./modules/lambda_alarms"
   lambda_function_name = module.send-feedback-lambda.function_name
@@ -63,8 +74,6 @@ module "send-feedback-alarm-topic" {
   depends_on = [module.send-feedback-lambda, module.sns_encryption_key]
 }
 
-
-
 module "send-feedback-lambda" {
   source  = "./modules/lambda"
   name    = "SendFeedbackLambda"
@@ -103,7 +112,7 @@ resource "aws_iam_policy" "ses_send_email_policy" {
           "ses:SendEmail",
         ],
         Resource = [
-          local.ses_send_feedback_email_resource_arn,
+          "arn:aws:ses:${local.current_region}:${local.current_account_id}:identity/*",
         ]
       }
     ]

infrastructure/modules/ses/README.md

@@ -16,26 +16,20 @@ No modules.
 
 | Name | Type |
 |------|------|
-| [aws_route53_record.ndr_amazonses_verification_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
-| [aws_route53_record.ndr_mx_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_record.ndr_ses_dkim_record](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_ses_domain_dkim.ndr_dkim](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_dkim) | resource |
 | [aws_ses_domain_identity.ndr_ses](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity) | resource |
-| [aws_ses_domain_mail_from.ndr_mail_from](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_mail_from) | resource |
+| [aws_ses_domain_identity_verification.ndr_ses_domain_verification](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ses_domain_identity_verification) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_domain"></a> [domain](#input\_domain) | n/a | `string` | n/a | yes |
+| <a name="input_domain_prefix"></a> [domain\_prefix](#input\_domain\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_enable"></a> [enable](#input\_enable) | n/a | `bool` | n/a | yes |
-| <a name="input_from_mail_prefix"></a> [from\_mail\_prefix](#input\_from\_mail\_prefix) | n/a | `string` | n/a | yes |
 | <a name="input_zone_id"></a> [zone\_id](#input\_zone\_id) | n/a | `string` | n/a | yes |
 
 ## Outputs
 
-| Name | Description |
-|------|-------------|
-| <a name="output_is_enable"></a> [is\_enable](#output\_is\_enable) | n/a |
-| <a name="output_mail_from_domain_name"></a> [mail\_from\_domain\_name](#output\_mail\_from\_domain\_name) | n/a |
-| <a name="output_ses_domain_identity_arn"></a> [ses\_domain\_identity\_arn](#output\_ses\_domain\_identity\_arn) | n/a |
+No outputs.

infrastructure/modules/ses/main.tf

@@ -1,49 +1,29 @@
 resource "aws_ses_domain_identity" "ndr_ses" {
-  domain = "${terraform.workspace}.${var.domain}"
+  domain = var.domain
   count  = var.enable ? 1 : 0
 }
 
 resource "aws_ses_domain_dkim" "ndr_dkim" {
   domain = aws_ses_domain_identity.ndr_ses[0].domain
-  count  = var.enable ? 1 : 0
+
+  count      = var.enable ? 1 : 0
+  depends_on = [aws_ses_domain_identity.ndr_ses[0]]
 }
 
 resource "aws_route53_record" "ndr_ses_dkim_record" {
-  count   = var.enable ? 3 : 0
   zone_id = var.zone_id
-  name    = "${aws_ses_domain_dkim.ndr_dkim[0].dkim_tokens[count.index]}._domainkey"
+  name    = "${aws_ses_domain_dkim.ndr_dkim[0].dkim_tokens[count.index]}._domainkey.${var.domain_prefix}"
   type    = "CNAME"
-  ttl     = 600
+  ttl     = 1800
   records = ["${aws_ses_domain_dkim.ndr_dkim[0].dkim_tokens[count.index]}.dkim.amazonses.com"]
-}
-
-# resource "aws_ses_domain_identity_verification" "ndr_ses_domain_verification" {
-#   domain = aws_ses_domain_identity.ndr_ses[0].domain
-#   count  = var.enable ? 1 : 0
-
-#   depends_on = [aws_route53_record.ndr_ses_dkim_record[0]]
-# }
 
-resource "aws_route53_record" "ndr_amazonses_verification_record" {
-  count   = var.enable ? 1 : 0
-  zone_id = var.zone_id
-  name    = aws_ses_domain_mail_from.ndr_mail_from[0].mail_from_domain
-  type    = "TXT"
-  ttl     = 600
-  records = ["v=spf1 include:amazonses.com -all"]
+  count      = var.enable ? 3 : 0
+  depends_on = [aws_ses_domain_dkim.ndr_dkim[0]]
 }
 
-resource "aws_ses_domain_mail_from" "ndr_mail_from" {
-  count            = var.enable ? 1 : 0
-  domain           = aws_ses_domain_identity.ndr_ses[0].domain
-  mail_from_domain = "mailing.${aws_ses_domain_identity.ndr_ses[0].domain}"
-}
+resource "aws_ses_domain_identity_verification" "ndr_ses_domain_verification" {
+  domain = aws_ses_domain_identity.ndr_ses[0].domain
 
-resource "aws_route53_record" "ndr_mx_record" {
-  count   = var.enable ? 1 : 0
-  name    = aws_ses_domain_mail_from.ndr_mail_from[0].mail_from_domain
-  type    = "MX"
-  records = ["10 feedback-smtp.eu-west-2.amazonses.com"]
-  zone_id = var.zone_id
-  ttl     = 300
+  count      = var.enable ? 1 : 0
+  depends_on = [aws_route53_record.ndr_ses_dkim_record[0]]
 }

infrastructure/modules/ses/variable.tf

@@ -1,12 +1,12 @@
-variable "domain" {
+variable "domain_prefix" {
   type = string
 }
 
-variable "zone_id" {
+variable "domain" {
   type = string
 }
 
-variable "from_mail_prefix" {
+variable "zone_id" {
   type = string
 }
 

infrastructure/ses.tf

@@ -1,7 +1,17 @@
+locals {
+  domain_prefix = (
+    local.is_production ? var.environment :
+    local.is_sandbox ? "ndr-dev" :
+    terraform.workspace
+  )
+
+  domain = "${local.domain_prefix}.${var.domain}"
+}
+
 module "ndr-feedback-mailbox" {
-  source           = "./modules/ses"
-  domain           = var.domain
-  zone_id          = module.route53_fargate_ui.zone_id
-  from_mail_prefix = "mailing"
-  enable           = !local.is_sandbox_or_test
+  source        = "./modules/ses"
+  domain_prefix = local.domain_prefix
+  domain        = local.domain
+  zone_id       = module.route53_fargate_ui.zone_id
+  enable        = !local.is_sandbox
 }

infrastructure/variable.tf

@@ -201,15 +201,4 @@ locals {
 
   current_region     = data.aws_region.current.name
   current_account_id = data.aws_caller_identity.current.account_id
-
-  ses_feedback_sender_email_address = (module.ndr-feedback-mailbox.is_enable
-    ? "feedback@${module.ndr-feedback-mailbox.mail_from_domain_name}"
-    : "[email protected].${var.domain}"
-  )
-  feedback_recipient_list_ssm_param_key = (local.is_sandbox_or_test
-    ? "/prs/dev/user-input/feedback-recipient-email-list"
-    : "/prs/${var.environment}/user-input/feedback-recipient-email-list"
-  )
-  ses_send_feedback_email_resource_arn = "arn:aws:ses:${local.current_region}:${local.current_account_id}:identity/*"
-
 }