
Do AWS support SES in CloudFormation?

I'm trying to figure out how to automate the creation of several cloud resources in AWS, using CloudFormation.

Now I need to include the creation of SES (Simple Email Service) domain, but couldn't find the documentation, but I've already checked:

Do AWS support SES in CloudFormation?

CloudFormation provides several built-in Amazon SES resource types, but as of 2020 is still missing the ones many people need: domain and email verification.

Fortunately, CloudFormation has the ability to define your own custom resource types. I've built Custom::SES_Domain and Custom::SES_EmailIdentity resources that are designed to play well with other CloudFormation resources. Get them here: https://github.com/medmunds/aws-cfn-ses-domain

Once you've pulled the custom CfnSESResources into your template, you can verify an SES domain like this:

Resources:
  # Provision a domain with Amazon SES:
  MySESDomain:
    Type: Custom::SES_Domain
    Properties:
      ServiceToken: !GetAtt CfnSESResources.Outputs.CustomDomainIdentityArn
      Domain: "example.com"
      EnableSend: true
      EnableReceive: false

  # Then add all required DNS records for SES verification and usage:
  MyRoute53RecordsForSES:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: "example.com."
      RecordSets: !GetAtt MySESDomain.Route53RecordSets

Full instructions are in the repository. Custom::SES_Domain has properties for controlling several common SES domain options, and exposes attributes that feed into your CloudFormation DNS resources: either a standard AWS::Route53::RecordSetGroup resource as shown above, or other (external) DNS providers via zone file entries.

Unfortunately this is currently not supported, but who knows, re:Invent 2017 is around the corner...

Question asked on AWS Developer Forum

It is possible by creating a custom function, some blog about SES and CloudFormation.

Though AWS CloudFormation is not currently supported, use the AWS SDKs (e.g. Node SDK) to provision the SES resources required.

It's a common practice to use custom code with AWS SDKs and AWS CLI commands in combination with CloudFormation to provision resources in AWS, since each approach can be advantageous, based on the parameters, number of resources, repetitions, etc.

Here is the current list of SES Resource Types supported by CloudFormation:

AWS::SES::ConfigurationSet

AWS::SES::ConfigurationSetEventDestination

AWS::SES::ReceiptFilter

AWS::SES::ReceiptRule

AWS::SES::ReceiptRuleSet

AWS::SES::Template

Update October 2022

CloudFormation now supports the AWS::SES::EmailIdentity resource, which allows us to define both domains and email addresses through infrastructure as code.

According to the CloudFormation release history this resource was added on June 30, 2022.

Not supported. But you can have it handled by Lambda.

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: >-
  A simple email example
Resources:
  FunctionEmailHandler:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: email.handler
      Runtime: nodejs6.10
      CodeUri: ..
      Description: >-
        ...
      Tags:
        App: your app
      MemorySize: 128
      Timeout: 10    
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 's3:GetObject'
              Resource: '*'

  LambdaInvokePermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !GetAtt FunctionEmailHandler.Arn
      Principal: ses.amazonaws.com

  SESEmailRecievedRule:
    Type: "AWS::SES::ReceiptRule"
    Properties:
      RuleSetName: your default rule set name
      After: store-email-to-s3
      Rule:
        Name: email-recieved-rule
        Enabled: true
        Actions:
          - LambdaAction:
              FunctionArn: !GetAtt FunctionEmailHandler.Arn
              InvocationType: Event
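
A least-privilege variant of the template in the answer above, added here as an example and not part of the original answer. The `InboundMailBucket` and `ReceiptRuleSetName` parameters are hypothetical names introduced for illustration, and the runtime is swapped for a currently supported one because `nodejs6.10` has been retired.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Parameters:
  InboundMailBucket:    # hypothetical: bucket the earlier rule stores mail in
    Type: String
  ReceiptRuleSetName:   # hypothetical: name of your existing receipt rule set
    Type: String
Resources:
  FunctionEmailHandler:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: email.handler
      Runtime: nodejs20.x
      CodeUri: ..
      MemorySize: 128
      Timeout: 10
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 's3:GetObject'
              # Scope reads to the stored-mail bucket instead of '*'
              Resource: !Sub 'arn:${AWS::Partition}:s3:::${InboundMailBucket}/*'

  LambdaInvokePermission:
    Type: 'AWS::Lambda::Permission'
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !GetAtt FunctionEmailHandler.Arn
      Principal: ses.amazonaws.com
      # Only SES acting on behalf of this account may invoke the function
      SourceAccount: !Ref 'AWS::AccountId'

  SESEmailReceivedRule:
    Type: 'AWS::SES::ReceiptRule'
    # SES checks at rule creation that it is allowed to invoke the function
    DependsOn: LambdaInvokePermission
    Properties:
      RuleSetName: !Ref ReceiptRuleSetName
      After: store-email-to-s3
      Rule:
        Name: email-received-rule
        Enabled: true
        Actions:
          - LambdaAction:
              FunctionArn: !GetAtt FunctionEmailHandler.Arn
              InvocationType: Event
```

Without `SourceAccount`, the permission lets the SES service principal invoke the function regardless of which account's receipt rule triggers it.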

CloudFormation provides a native AWS::SES::EmailIdentity resource now (since 30.07.2022).

Here is an example with automated Route53 DKIM setup/verification:

EmailIdentity:
    Type: AWS::SES::EmailIdentity
    Properties: 
        EmailIdentity: {your.domain.com}

Route53DEKIM:
    Type: AWS::Route53::RecordSetGroup
    Properties:
        HostedZoneId: {ZoneId}
        RecordSets:
            -   Name: !GetAtt EmailIdentity.DkimDNSTokenName1
                Type: CNAME
                TTL: '3600'
                ResourceRecords:
                    - !GetAtt EmailIdentity.DkimDNSTokenValue1
            -   Name: !GetAtt EmailIdentity.DkimDNSTokenName2
                Type: CNAME
                TTL: '3600'
                ResourceRecords:
                    - !GetAtt EmailIdentity.DkimDNSTokenValue2
            -   Name: !GetAtt EmailIdentity.DkimDNSTokenName3
                Type: CNAME
                TTL: '3600'
                ResourceRecords:
                    - !GetAtt EmailIdentity.DkimDNSTokenValue3

{your.domain.com} and {ZoneId} must be adapted.
