Some AWS resources are not availble via Cloudformation but can be managed via AWS API. One example is SES Domain Identity and Domain DKIM configuration.
It's easy to make API Calls using CDK. Check out the example below
Created
July 20, 2021 09:02
-
-
Save fabiopaiva/6e1510b8684ed1cd2f8aecd748683fdb to your computer and use it in GitHub Desktop.
Configure AWS SES Domain Identity and DKIM with CDK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from aws_cdk import core as cdk | |
| from aws_cdk import custom_resources | |
| from aws_cdk import aws_route53 as route53 | |
| class SesStack(cdk.Stack): | |
| _hosted_zone: route53.IHostedZone | |
| def __init__( | |
| self, | |
| scope: cdk.Construct, | |
| construct_id: str, | |
| hosted_zone: route53.IHostedZone, | |
| **kwargs, | |
| ) -> None: | |
| super().__init__(scope, construct_id, **kwargs) | |
| self._hosted_zone = hosted_zone | |
| self.configure_aws_ses() | |
| def configure_aws_ses(self): | |
| self.configure_aws_ses_domain_identity() | |
| self.configure_domain_dkim() | |
| def configure_aws_ses_domain_identity(self): | |
| verify_domain_identity = custom_resources.AwsCustomResource( | |
| self, | |
| "VerifySesDomain", | |
| on_create=custom_resources.AwsSdkCall( | |
| service="SES", | |
| action="verifyDomainIdentity", | |
| parameters={"Domain": "example.com"}, | |
| physical_resource_id=custom_resources.PhysicalResourceId.from_response( | |
| "VerificationToken" | |
| ), | |
| ), | |
| # https://github.com/aws/aws-cdk/issues/4533 | |
| policy=custom_resources.AwsCustomResourcePolicy.from_statements( | |
| statements=[ | |
| iam.PolicyStatement( | |
| actions=["ses:VerifyDomainIdentity"], | |
| resources=["*"], | |
| ) | |
| ] | |
| ), | |
| ) | |
| route53.TxtRecord( | |
| self, | |
| "SESVerificationRecord", | |
| zone=self._hosted_zone, | |
| record_name=f"_amazonses.example.com", | |
| values=[verify_domain_identity.get_response_field("VerificationToken")], | |
| ) | |
| def configure_domain_dkim(self): | |
| verify_domain_dkim = custom_resources.AwsCustomResource( | |
| self, | |
| "VerifySesDomainDkim", | |
| on_create=custom_resources.AwsSdkCall( | |
| service="SES", | |
| action="verifyDomainDkim", | |
| parameters={"Domain": "example.com"}, | |
| physical_resource_id=custom_resources.PhysicalResourceId.of( | |
| f"ses_dkim_domain-example.com" | |
| ), | |
| ), | |
| # https://github.com/aws/aws-cdk/issues/4533 | |
| policy=custom_resources.AwsCustomResourcePolicy.from_statements( | |
| statements=[ | |
| iam.PolicyStatement( | |
| actions=["ses:VerifyDomainDkim"], | |
| resources=["*"], | |
| ) | |
| ] | |
| ), | |
| ) | |
| route53.CnameRecord( | |
| self, | |
| "SESDkimVerificationRecord0", | |
| zone=self._hosted_zone, | |
| record_name=f"{verify_domain_dkim.get_response_field('DkimTokens.0')}._domainkey", | |
| domain_name=f"{verify_domain_dkim.get_response_field('DkimTokens.0')}.dkim.amazonses.com", | |
| ) | |
| route53.CnameRecord( | |
| self, | |
| "SESDkimVerificationRecord1", | |
| zone=self._hosted_zone, | |
| record_name=f"{verify_domain_dkim.get_response_field('DkimTokens.1')}._domainkey", | |
| domain_name=f"{verify_domain_dkim.get_response_field('DkimTokens.1')}.dkim.amazonses.com", | |
| ) | |
| route53.CnameRecord( | |
| self, | |
| "SESDkimVerificationRecord2", | |
| zone=self._hosted_zone, | |
| record_name=f"{verify_domain_dkim.get_response_field('DkimTokens.2')}._domainkey", | |
| domain_name=f"{verify_domain_dkim.get_response_field('DkimTokens.2')}.dkim.amazonses.com", | |
| ) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Since June 2022 CloudFormation supports SES https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ses-emailidentity.html