terraform.aws-baseline-infra/modules/FrontendWebMobile/Ses/main.tf

data "aws_caller_identity" "this" {}
data "aws_region" "this" {}

resource "aws_sesv2_email_identity" "this" {
  for_each               = toset(var.emails)
  email_identity         = each.value
  configuration_set_name = aws_sesv2_configuration_set.this.configuration_set_name
}

resource "aws_sesv2_configuration_set" "this" {
  configuration_set_name = "default-sesv2-configuration-set"

  delivery_options {
    tls_policy = var.require_tls ? "REQUIRE" : "OPTIONAL"
  }

  reputation_options {
    reputation_metrics_enabled = var.reputation_metrics_enabled
  }

  sending_options {
    sending_enabled = true
  }
}

# The exact same policy can be created successfully on console!
#resource "aws_sesv2_email_identity_policy" "this" {
#  for_each       = aws_sesv2_email_identity.this
#  email_identity = each.value.arn
#  policy_name    = "default-policy"
#  # policy         = data.aws_iam_policy_document.ses-policy[each.key].json
#  policy = jsonencode({
#    "Version" : "2012-10-17",
#    "Statement" : [
#      {
#        "Sid" : "default",
#        "Effect" : "Allow",
#        "Principal" : {
#          "AWS" : "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"
#        },
#        "Action" : [
#          "ses:SendEmail",
#          "ses:SendRawEmail"
#        ],
#        "Resource" : each.value.arn,
#        "Condition" : {}
#      }
#    ]
#  })
#}

#data "aws_iam_policy_document" "ses-policy" {
#  for_each = aws_sesv2_email_identity.this
#  statement {
#    sid       = "default"
#    actions   = ["SES:SendEmail", "SES:SendRawEmail"]
#    resources = [each.value.arn]
#    principals {
#      identifiers = [data.aws_caller_identity.this.account_id]
#      type        = "AWS"
#    }
#  }
#}
NEW: New module FrontendWebMobile/Ses/ 2024-03-31 18:01:00 +08:00			`data "aws_caller_identity" "this" {}`
			`data "aws_region" "this" {}`

			`resource "aws_sesv2_email_identity" "this" {`
			`for_each = toset(var.emails)`
			`email_identity = each.value`
			`configuration_set_name = aws_sesv2_configuration_set.this.configuration_set_name`
			`}`

			`resource "aws_sesv2_configuration_set" "this" {`
			`configuration_set_name = "default-sesv2-configuration-set"`

			`delivery_options {`
			`tls_policy = var.require_tls ? "REQUIRE" : "OPTIONAL"`
			`}`

			`reputation_options {`
			`reputation_metrics_enabled = var.reputation_metrics_enabled`
			`}`

			`sending_options {`
			`sending_enabled = true`
			`}`
			`}`

			`# The exact same policy can be created successfully on console!`
			`#resource "aws_sesv2_email_identity_policy" "this" {`
			`# for_each = aws_sesv2_email_identity.this`
			`# email_identity = each.value.arn`
			`# policy_name = "default-policy"`
			`# # policy = data.aws_iam_policy_document.ses-policy[each.key].json`
			`# policy = jsonencode({`
			`# "Version" : "2012-10-17",`
			`# "Statement" : [`
			`# {`
			`# "Sid" : "default",`
			`# "Effect" : "Allow",`
			`# "Principal" : {`
			`# "AWS" : "arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"`
			`# },`
			`# "Action" : [`
			`# "ses:SendEmail",`
			`# "ses:SendRawEmail"`
			`# ],`
			`# "Resource" : each.value.arn,`
			`# "Condition" : {}`
			`# }`
			`# ]`
			`# })`
			`#}`

			`#data "aws_iam_policy_document" "ses-policy" {`
			`# for_each = aws_sesv2_email_identity.this`
			`# statement {`
			`# sid = "default"`
			`# actions = ["SES:SendEmail", "SES:SendRawEmail"]`
			`# resources = [each.value.arn]`
			`# principals {`
			`# identifiers = [data.aws_caller_identity.this.account_id]`
			`# type = "AWS"`
			`# }`
			`# }`
			`#}`