Merge pull request #163 from ministryofjustice/ag--airflow-SMTP-users

Added SES SMTP user for Airflow

infra/terraform/modules/ses_smtp_user/inputs.tf

@@ -0,0 +1,3 @@
+variable "ses_domain_identity_arn" {}
+
+variable "username" {}

infra/terraform/modules/ses_smtp_user/main.tf

@@ -0,0 +1,28 @@
+resource "aws_iam_user" "smtp_user" {
+  name = "${var.username}"
+}
+
+resource "aws_iam_access_key" "access_key" {
+  user = "${aws_iam_user.smtp_user.name}"
+}
+
+resource "aws_iam_user_policy" "smtp_user_policy" {
+  name = "${aws_iam_user.smtp_user.name}_policy"
+  user = "${aws_iam_user.smtp_user.name}"
+
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+        "Action": [
+            "ses:SendRawEmail",
+            "ses:SendEmail"
+        ],
+        "Effect": "Allow",
+        "Resource": "${var.ses_domain_identity_arn}"
+    }
+  ]
+}
+EOF
+}

infra/terraform/modules/ses_smtp_user/outputs.tf

@@ -0,0 +1,3 @@
+output "password" {
+  value = "${aws_iam_access_key.access_key.ses_smtp_password}"
+}

infra/terraform/platform/main.tf

@@ -120,6 +120,14 @@ module "airflow_db" {
   subnet_ids             = "${module.aws_vpc.storage_subnet_ids}"
 }
 
+module "airflow_smtp_user" {
+  source = "../modules/ses_smtp_user"
+
+  ses_domain_identity_arn = "${data.terraform_remote_state.base.xyz_root_domain_ses_identity_arn}"
+
+  username = "${terraform.workspace}_airflow_smtp_user"
+}
+
 module "cert_manager" {
   source           = "../modules/ec2_cert_manager_role"
   role_name        = "${terraform.workspace}-cert-manager"

infra/terraform/platform/outputs.tf

@@ -6,6 +6,10 @@ output "airflow_efs_host" {
   value = "${module.airflow_storage_efs_volume.dns_name}"
 }
 
+output "airflow_smtp_password" {
+  value = "${module.airflow_smtp_user.password}"
+}
+
 output "control_panel_api_db_host" {
   value = "${module.control_panel_api.db_host}"
 }