Skip to content

codeforamerica/tofu-modules-aws-ses

BranchesTags

Repository files navigation

AWS Simple Email Service (SES) Modules

GitHub Release

This modules configures configures a domain for Amazon Simple Email Service, optional email identities to support receiving mail from a sandbox account, and an IAM policy that allows sending mail using the created identities.

Usage

Add this module to your main.tf (or appropriate) file and configure the inputs to match your desired configuration. For example:

Tip

All new SES accounts are placed in sandbox mode, with several restrictions on sending email. While in sandbox mode, you can only send email to other verified identities.

The easiest way to do this, is to use the allowed_recipients input to specify a list of recipeints that should be authorized to recieve email from the domain. A verification email will be sent to each address. The address must be verified before it can receive mail.

Once your acccount has been approved for production access, you no longer need this.

module "ses" {
  source = "github.com/codeforamerica/tofu-modules-aws-ses?ref=1.0.0"

  project            = "my-project"
  environment        = "production"
  domain             = "my-project.com"
  allowed_recipients = ["me@example.com"]
}

You can attach the create IAM policy to one or more IAM roles attached to resources, to allow those resources to send mail using the created identities.

Note

You can also pass the policy ARN to another module that's responsible for configuring your roles, such as our aws_fargate_service module.

For example:

resource "aws_iam_role_policy_attachment" "web_ses" {
  role       = aws_iam_role.web.name
  policy_arn = module.ses.iam_policy_arn
}

Make sure you re-run tofu init after adding the module to your configuration.

tofu init
tofu plan

Inputs

Name Description Type Default Required
domain The domain to register with SES. string n/a yes
project Project these resources are supporting. Used to prefix resource names. string n/a yes
allowed_recipients List of email addresses to create identities for, allowing them to receive email from the domain. This is required in order for recipients to receive email from the domain while in sandbox mode. list(string) [] no
dmarc_rua_mailbox The mailbox where DMARC RUA reports will be sent. string "dmarc" no
environment Name of the deployment environment. Used to prefix resource names. string "development" no
from_subdomain The subdomain used when sending email from the domain. string "bounce" no
tags Optional tags to be applied to all resources. list [] no

Outputs

Name Description Type
iam_policy_arn ARN of the IAM policy that allows sending email via SES using the identity created by this module. Attach to an IAM role via aws_iam_role_policy_attachment to allow sending email via SES. string
identity_arn ARN of the created SES domain identity. string
recipient_identities ARNs of the SES email identities created for allowed recipients. map(string)

Contributing

Follow the contributing guidelines to contribute to this repository.

About

OpenTofu module to configure and manage Amazon Simple Email Service (SES).

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

1.0.0 Latest
Feb 5, 2026

Packages

 
 
 

Contributors

Languages

Generated from codeforamerica/tofu-modules-template