[DEV-1013] - Create DNS records to verify domain for SES (#334)

.infrastructure/10_dns.tf

@@ -76,3 +76,24 @@ resource "aws_route53_record" "devportal_cognito_A" {
     zone_id = aws_cognito_user_pool_domain.devportal.cloudfront_distribution_zone_id
   }
 }
+
+// TODO: Once the Terraform module will be fixed, we can remove these two dkim records
+// TXT Record SES will use to validate that a message was not forged or altered in transit
+resource "aws_route53_record" "devportal_ses_dkim_txt" {
+  name    = module.ses_developer_pagopa_it.verification_token.name
+  type    = "TXT"
+  zone_id = aws_route53_zone.dev_portal.zone_id
+  records = [module.ses_developer_pagopa_it.verification_token.value]
+  ttl     = 3600
+}
+
+// CNAME Record SES will use to validate that a message was not forged or altered in transit
+resource "aws_route53_record" "devportal_ses_dkim_cname" {
+  count = 3
+
+  zone_id = aws_route53_zone.dev_portal.zone_id
+  name    = module.ses_developer_pagopa_it.dkim_tokens[count.index].name
+  type    = "CNAME"
+  ttl     = 3600
+  records = [module.ses_developer_pagopa_it.dkim_tokens[count.index].value]
+}

.infrastructure/65_ses.tf

@@ -1,11 +1,8 @@
 # SES Configuration
 module "ses_developer_pagopa_it" {
-  source        = "github.com/pagopa/terraform-aws-ses.git?ref=58c1263afa441692e67d1be5dca809e65d6852df" # v1.2.1
-  aws_region    = var.aws_region
-  domain        = var.dns_domain_name
-  verify_dkim   = true
-  verify_domain = true
-  zone_id       = aws_route53_zone.dev_portal.zone_id
+  source     = "github.com/pagopa/terraform-aws-ses.git?ref=58c1263afa441692e67d1be5dca809e65d6852df" # v1.2.1
+  aws_region = var.aws_region
+  domain     = var.dns_domain_name
 
   iam_permissions = [
     "ses:SendCustomVerificationEmail",
@@ -16,5 +13,4 @@ module "ses_developer_pagopa_it" {
 
   ses_group_name = "DevPortalSES"
   user_name      = "DevPortal"
-
 }