feat (aws/ses): dynamic route53 records and output (#20)

withlogicco · Oct 24, 2024 · 3192b4f · 3192b4f
2 parents 103ed46 + 26ff4d0
commit 3192b4f
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 36 deletions.
diff --git a/aws/ses/locals.tf b/aws/ses/locals.tf
@@ -4,4 +4,37 @@ locals {
     Project     = var.project
     Domain      = var.domain
   }
+  validation_dns_records_ses_identity = [
+    {
+      name     = "_amazonses.${var.ses_domain}"
+      type     = "TXT"
+      value    = aws_ses_domain_identity.domain.verification_token
+      priority = null
+    }
+  ]
+  validation_dns_records_dkim = [
+    for i in range(length(aws_ses_domain_dkim.dkim.dkim_tokens)) : {
+      name     = "${aws_ses_domain_dkim.dkim.dkim_tokens[i]}._domainkey.${var.ses_domain}"
+      type     = "CNAME"
+      value    = "${aws_ses_domain_dkim.dkim.dkim_tokens[i]}.dkim.amazonses.com"
+      priority = null
+    }
+  ]
+  validation_dns_records_mailfrom_mx = (var.mail_from_domain == null ? [] : [
+    {
+      name     = var.mail_from_domain
+      type     = "MX"
+      value    = "feedback-smtp.${var.region}.amazonaws.com"
+      priority = 10,
+    }
+  ])
+  validation_dns_records_mailfrom_txt = (var.mail_from_domain == null ? [] : [
+    {
+      name     = var.mail_from_domain
+      type     = "TXT"
+      value    = "v=spf1 include:amazonses.com ~all"
+      priority = null
+    }
+  ])
+  validation_dns_records = concat(local.validation_dns_records_ses_identity, local.validation_dns_records_dkim, local.validation_dns_records_mailfrom_mx, local.validation_dns_records_mailfrom_txt)
 }
diff --git a/aws/ses/outputs.tf b/aws/ses/outputs.tf
@@ -7,3 +7,8 @@ output "policy_arn" {
   description = "ARN of the SES domain identity policy"
   value       = aws_iam_policy.main.arn
 }
+
+output "validation_dns_records" {
+  description = "DNS records to validate SES"
+  value       = local.validation_dns_records
+}
diff --git a/aws/ses/route53.tf b/aws/ses/route53.tf
@@ -1,37 +1,11 @@
-resource "aws_route53_record" "domain_amazonses_verification_record" {
-  count   = var.route53_zone != null ? 1 : 0
-  zone_id = var.route53_zone
-  name    = "_amazonses.${var.ses_domain}"
-  type    = "TXT"
-  ttl     = "3600"
-  records = [aws_ses_domain_identity.domain.verification_token]
-}
-
-resource "aws_route53_record" "domain_amazonses_dkim_record" {
-  count   = var.route53_zone != null ? 3 : 0
-  zone_id = var.route53_zone
-  name    = "${element(aws_ses_domain_dkim.dkim.dkim_tokens, count.index)}._domainkey.${var.ses_domain}"
-  type    = "CNAME"
-  ttl     = "3600"
-  records = ["${element(aws_ses_domain_dkim.dkim.dkim_tokens, count.index)}.dkim.amazonses.com"]
-}
-
-resource "aws_route53_record" "domain_amazonses_feedback_mx_record" {
-  count = (var.route53_zone != null && var.mail_from_domain != null) ? 1 : 0
-
-  zone_id = var.route53_zone
-  name    = var.mail_from_domain
-  type    = "MX"
-  records = ["10 feedback-smtp.${var.region}.amazonaws.com"]
-  ttl     = 60
-}
-
-resource "aws_route53_record" "domain_amazonses_feedback_txt_record" {
-  count = (var.route53_zone != null && var.mail_from_domain != null) ? 1 : 0
-
-  zone_id = var.route53_zone
-  name    = var.mail_from_domain
-  type    = "TXT"
-  records = ["v=spf1 include:amazonses.com ~all"]
-  ttl     = 60
+resource "aws_route53_record" "ses_validation_record" {
+  count   = var.route53_zone != null ? length(local.validation_dns_records) : 0
+  zone_id = var.route53_zone
+  name    = local.validation_dns_records[count.index].name
+  type    = local.validation_dns_records[count.index].type
+  records = [
+    (local.validation_dns_records[count.index].type == "MX") ?
+    "${local.validation_dns_records[count.index].priority} ${local.validation_dns_records[count.index].value}" :
+    local.validation_dns_records[count.index].value
+  ]
 }