email identity validation added

akbaralihussain · akbaralihussain · commit f7175c49f31b · 2024-11-23T12:51:20.000-08:00
diff --git a/main.tf b/main.tf
@@ -1,3 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
 data "aws_caller_identity" "current" {}
 data "aws_region" "current" {}
 
diff --git a/pinpoint-email.tf b/pinpoint-email.tf
@@ -9,6 +9,7 @@ resource "aws_pinpoint_email_channel" "email" {
 
   application_id = aws_pinpoint_app.project[each.key].application_id
   from_address   = each.value.from_email
-  identity = aws_ses_email_identity.email[each.value.from_email].arn
+  # domain identify (if domain identity verification), if not then Email identity 
+  identity = (each.value.verify_domain_identity) ? aws_ses_domain_identity.domain[split("@", each.value.from_email)[1]].arn : aws_ses_email_identity.email[each.value.from_email].arn
   role_arn = aws_iam_role.pinpoint[each.key].arn
 }
diff --git a/ses-identity-domain.tf b/ses-identity-domain.tf
@@ -1,11 +1,6 @@
 locals {
-  valid_from_emails = [for p in local.projects_need_email : p.from_email]
-  valid_to_emails   = flatten([for p in local.projects_need_email : (p.to_emails != null) ? p.to_emails : []])
-  email_identities  = toset(distinct(concat(local.valid_from_emails, local.valid_to_emails)))
-
-  valid_domains     = [for p in local.projects_need_email : split("@", p.from_email)[1]]
-  domain_identities = toset(distinct(local.valid_domains))
-
+  valid_domains           = [for p in local.projects_need_email : split("@", p.from_email)[1]]
+  domain_identities       = toset(distinct(local.valid_domains))
   valid_domains_to_verify = [for p in local.projects_need_domain_verification : split("@", p.from_email)[1]]
   domains_to_verify       = toset(distinct(local.valid_domains_to_verify))
 }
diff --git a/ses-identity-email.tf b/ses-identity-email.tf
@@ -1,7 +1,13 @@
+locals {
+  valid_from_emails          = [for p in local.projects_need_email : p.from_email]
+  from_emails_for_identities = flatten([for p in local.projects_need_email : (p.verify_domain_identity) ? [] : [p.from_email]])
+  valid_to_emails            = flatten([for p in local.projects_need_email : (p.to_emails != null) ? p.to_emails : []])
+  emails_for_identities      = toset(distinct(concat(local.from_emails_for_identities, local.valid_to_emails)))
+}
 
 # create all Email identities
 resource "aws_ses_email_identity" "email" {
-  for_each = local.email_identities
+  for_each = local.emails_for_identities
 
   email = each.value
 }

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ resource "aws_pinpoint_email_channel" "email" {`
`9`	`9`
`10`	`10`	`application_id = aws_pinpoint_app.project[each.key].application_id`
`11`	`11`	`from_address = each.value.from_email`
`12`		`- identity = aws_ses_email_identity.email[each.value.from_email].arn`
	`12`	`+ # domain identify (if domain identity verification), if not then Email identity`
	`13`	`+ identity = (each.value.verify_domain_identity) ? aws_ses_domain_identity.domain[split("@", each.value.from_email)[1]].arn : aws_ses_email_identity.email[each.value.from_email].arn`
`13`	`14`	`role_arn = aws_iam_role.pinpoint[each.key].arn`
`14`	`15`	`}`