I'm trying to figure out how to automate the creation of several cloud resources in AWS, using CloudFormation.
Now I need to include the creation of an SES (Simple Email Service) domain, but couldn't find the documentation, but I've already checked:
Does AWS support SES in CloudFormation?
CloudFormation provides several built-in Amazon SES resource types, but as of 2020 is still missing the ones many people need: domain and email verification.
Fortunately, CloudFormation has the ability to define your own custom resource types. I've built Custom::SES_Domain and Custom::SES_EmailIdentity resources that are designed to play well with other CloudFormation resources. Get them here: https://github.com/medmunds/aws-cfn-ses-domain
Once you've pulled the custom CfnSESResources into your template, you can verify an SES domain like this:
Resources:
  # Provision a domain with Amazon SES:
  MySESDomain:
    Type: Custom::SES_Domain
    Properties:
      ServiceToken: !GetAtt CfnSESResources.Outputs.CustomDomainIdentityArn
      Domain: "example.com"
      EnableSend: true
      EnableReceive: false
  # Then add all required DNS records for SES verification and usage:
  MyRoute53RecordsForSES:
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneName: "example.com."
      RecordSets: !GetAtt MySESDomain.Route53RecordSets
Full instructions are in the repository. Custom::SES_Domain has properties for controlling several common SES domain options, and exposes attributes that feed into your CloudFormation DNS resources: either a standard AWS::Route53::RecordSetGroup resource as shown above, or other (external) DNS providers via zone file entries.
Unfortunately this is currently not supported, but who knows, Re:Invent 2017 is around the corner...
Question asked on AWS Developer Forum
It is possible by creating a custom function, some blog about SES and CloudFormation.
Though AWS CloudFormation is not currently supported, use the AWS SDKs (e.g. Node SDK) to provision the SES resources required.
It's a common practice to use custom code with AWS SDKs and AWS CLI commands in combination with CloudFormation to provision resources in AWS, since each approach can be advantageous, based on the parameters, number of resources, repetitions, etc.
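The custom-function and SDK approach mentioned in the answers above, sketched as an added example (not code from the original answers or from the aws-cfn-ses-domain project): a Lambda-backed custom resource that registers the domain with SES through boto3 and returns the DNS records to publish. The handler layout, the TTL, the `missing-domain` placeholder id and the shape of the `Route53RecordSets` attribute are assumptions for illustration.

```python
import json
import urllib.request

TTL = "3600"  # assumed TTL, the same value the Route 53 example on this page uses


def build_records(domain, verification_token, dkim_tokens):
    """DNS records SES checks: one ownership TXT plus one CNAME per DKIM token."""
    records = [{"Name": f"_amazonses.{domain}.", "Type": "TXT", "TTL": TTL,
                "ResourceRecords": [f'"{verification_token}"']}]
    for token in dkim_tokens:
        records.append({"Name": f"{token}._domainkey.{domain}.", "Type": "CNAME",
                        "TTL": TTL, "ResourceRecords": [f"{token}.dkim.amazonses.com."]})
    return records


def process(event, ses):
    """Run one custom-resource request and return the response body for CloudFormation."""
    domain = str(event.get("ResourceProperties", {}).get("Domain", "")).rstrip(".").lower()
    response = {"StackId": event["StackId"], "RequestId": event["RequestId"],
                "LogicalResourceId": event["LogicalResourceId"],
                # Domain as physical id: changing it makes CloudFormation replace
                # the resource and later send Delete for the old identity.
                "PhysicalResourceId": domain or "missing-domain", "Status": "SUCCESS", "Data": {}}
    try:
        if event["RequestType"] == "Delete":
            if domain:  # nothing to clean up when Create failed on a missing Domain
                ses.delete_identity(Identity=domain)
        elif not domain:
            raise ValueError("Domain property is required")
        else:  # Create and Update
            token = ses.verify_domain_identity(Domain=domain)["VerificationToken"]
            dkim = ses.verify_domain_dkim(Domain=domain)["DkimTokens"]
            response["Data"]["Route53RecordSets"] = build_records(domain, token, dkim)
    except Exception as exc:
        # Always answer: without a response the stack waits until it times out.
        response["Status"] = "FAILED"
        response["Reason"] = f"{type(exc).__name__}: {exc}"
    return response


def handler(event, context):
    """Lambda entry point: call SES, then PUT the result to the pre-signed ResponseURL."""
    import boto3  # imported here so process() can be exercised without the AWS SDK
    body = json.dumps(process(event, boto3.client("ses"))).encode()
    # Empty Content-Type, as the pre-signed S3 URL expects
    request = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                     headers={"Content-Type": ""})
    urllib.request.urlopen(request)
```

The function's execution role needs only `ses:VerifyDomainIdentity`, `ses:VerifyDomainDkim` and `ses:DeleteIdentity`; the DNS records themselves are created by the stack, not by the Lambda.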
Here is the current list of SES Resource Types supported by CloudFormation:
AWS::SES::ConfigurationSet
AWS::SES::ConfigurationSetEventDestination
AWS::SES::ReceiptFilter
AWS::SES::ReceiptRule
AWS::SES::ReceiptRuleSet
AWS::SES::Template
Update October 2022
CloudFormation now supports the AWS::SES::EmailIdentity resource, which allows us to define both domains and email addresses through infrastructure as code.
According to the CloudFormation release history this resource was added on June 30, 2022.
Not supported. But, you can make it handled by lambda.
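AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Description: >-
  A simple email example
Resources:
  # Lambda function that SES invokes for each received message
  FunctionEmailHandler:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: email.handler
      # nodejs6.10 has since been retired by Lambda; use a currently supported Node.js runtime
      Runtime: nodejs6.10
      CodeUri: ..
      Description: >-
        ...
      Tags:
        App: your app
      MemorySize: 128
      Timeout: 10
      Policies:
        - Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - 's3:GetObject'
              # '*' allows reading any object in any bucket; scope this to the
              # bucket and prefix where the received mail is stored
              Resource: '*'
  # Lets the SES service invoke the function; adding a SourceAccount condition
  # limits this to receipt rules owned by your own account
  LambdaInvokePermission:
    Type: "AWS::Lambda::Permission"
    Properties:
      Action: 'lambda:InvokeFunction'
      FunctionName: !GetAtt FunctionEmailHandler.Arn
      Principal: ses.amazonaws.com
  # Receipt rule that runs after the existing store-email-to-s3 rule
  SESEmailRecievedRule:
    Type: "AWS::SES::ReceiptRule"
    Properties:
      RuleSetName: your default rule set name
      After: store-email-to-s3
      Rule:
        Name: email-recieved-rule
        Enabled: true
        Actions:
          - LambdaAction:
              FunctionArn: !GetAtt FunctionEmailHandler.Arn
              InvocationType: Event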
CloudFormation provides a native AWS::SES::EmailIdentity resource now (since 30.07.2022).
Here is an example with automated Route53 DKIM setup/verification:
EmailIdentity:
  Type: AWS::SES::EmailIdentity
  Properties:
    EmailIdentity: {your.domain.com}
Route53DEKIM:
  Type: AWS::Route53::RecordSetGroup
  Properties:
    HostedZoneId: {ZoneId}
    RecordSets:
      - Name: !GetAtt EmailIdentity.DkimDNSTokenName1
        Type: CNAME
        TTL: '3600'
        ResourceRecords:
          - !GetAtt EmailIdentity.DkimDNSTokenValue1
      - Name: !GetAtt EmailIdentity.DkimDNSTokenName2
        Type: CNAME
        TTL: '3600'
        ResourceRecords:
          - !GetAtt EmailIdentity.DkimDNSTokenValue2
      - Name: !GetAtt EmailIdentity.DkimDNSTokenName3
        Type: CNAME
        TTL: '3600'
        ResourceRecords:
          - !GetAtt EmailIdentity.DkimDNSTokenValue3
{your.domain.com} and {ZoneId} must be adapted.