diff --git a/src/ses/configurationsetdeliveryoptions/__tests__/__snapshots__/index.test.ts.snap b/src/ses/configurationsetdeliveryoptions/__tests__/__snapshots__/index.test.ts.snap
new file mode 100644
index 00000000..c51f8c70
--- /dev/null
+++ b/src/ses/configurationsetdeliveryoptions/__tests__/__snapshots__/index.test.ts.snap
@@ -0,0 +1,98 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`configuration-set-delivery-options 1`] = ` +Object { + "Resources": Object { + "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { + "DependsOn": Array [ + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + ], + "Properties": Object { + "Code": Any, + "Handler": "index.handler", + "Role": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + "Arn", + ], + }, + "Runtime": "nodejs12.x", + "Timeout": 120, + }, + "Type": "AWS::Lambda::Function", + }, + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": Object { + "Properties": Object { + "AssumeRolePolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": Object { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": Array [ + Object { + "Fn::Join": Array [ + "", + Array [ + "arn:", + Object { + "Ref": "AWS::Partition", + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + ], + ], + }, + ], + }, + "Type": "AWS::IAM::Role", + }, + "DeliveryOptionsCustomResourcePolicyBEF2DFD1": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ses:PutConfigurationSetDeliveryOptions", + "Effect": "Allow", + "Resource": "*", + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "DeliveryOptionsCustomResourcePolicyBEF2DFD1", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "DeliveryOptionsDC6E2A1D": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "DeliveryOptionsCustomResourcePolicyBEF2DFD1", + ], + "Properties": Object { + "Create": 
"{\\"service\\":\\"SES\\",\\"action\\":\\"putConfigurationSetDeliveryOptions\\",\\"parameters\\":{\\"ConfigurationSetName\\":\\"exampleconfigurationset\\",\\"DeliveryOptions\\":{\\"TlsPolicy\\":\\"Require\\"}},\\"physicalResourceId\\":{\\"id\\":\\"exampleconfigurationset\\"}}", + "Delete": "{\\"service\\":\\"SES\\",\\"action\\":\\"putConfigurationSetDeliveryOptions\\",\\"parameters\\":{\\"ConfigurationSetName\\":\\"exampleconfigurationset\\"}}", + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + "Update": "{\\"service\\":\\"SES\\",\\"action\\":\\"putConfigurationSetDeliveryOptions\\",\\"parameters\\":{\\"ConfigurationSetName\\":\\"exampleconfigurationset\\",\\"DeliveryOptions\\":{\\"TlsPolicy\\":\\"Require\\"}},\\"physicalResourceId\\":{\\"id\\":\\"exampleconfigurationset\\"}}", + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + }, +} +`; diff --git a/src/ses/configurationsetdeliveryoptions/__tests__/index.test.ts b/src/ses/configurationsetdeliveryoptions/__tests__/index.test.ts new file mode 100644 index 00000000..ae00ee4b --- /dev/null +++ b/src/ses/configurationsetdeliveryoptions/__tests__/index.test.ts @@ -0,0 +1,17 @@ +import { App, Stack } from "aws-cdk-lib" +import "jest-cdk-snapshot" +import { ConfigurationSetDeliveryOptions } from "../index" + +test("configuration-set-delivery-options", () => { + const app = new App() + const stack = new Stack(app, "Stack") + + new ConfigurationSetDeliveryOptions(stack, "DeliveryOptions", { + configurationSetName: "exampleconfigurationset", + tlsPolicy: "Require", + }) + + expect(stack).toMatchCdkSnapshot({ + ignoreAssets: true, + }) +}) diff --git a/src/ses/configurationsetdeliveryoptions/index.ts b/src/ses/configurationsetdeliveryoptions/index.ts new file mode 100644 index 00000000..96db5d84 --- /dev/null +++ b/src/ses/configurationsetdeliveryoptions/index.ts 
@@ -0,0 +1,67 @@
+import * as constructs from "constructs"
+import * as cr from "aws-cdk-lib/custom-resources"
+import * as iam from "aws-cdk-lib/aws-iam"
+
+export type TlsPolicy = "Require" | "Optional"
+
+export interface ConfigurationSetDeliveryOptionsProps {
+ /**
+ * The name of an existing SES configuration set to update delivery options on
+ */
+ configurationSetName: string
+ /**
+ * The TLS policy for outgoing emails
+ *
+ * Setting this to "Require" will make mail delivery fail if SES cannot
+ * establish a TLS-encrypted connection to the receiving mail server.
+ */
+ tlsPolicy: TlsPolicy
+}
+
+/**
+ * Set Delivery Options for a SES Configuration Set.
+ *
+ * Currently the only delivery option that can be set is the TLS Policy, which
+ * can be set to either "Require" or "Optional". If set to "Require" SES
+ * will refuse to deliver mail to mail servers it cannot connect to using
+ * an encrypted connection.
+ */
+export class ConfigurationSetDeliveryOptions extends constructs.Construct {
+ constructor(
+ scope: constructs.Construct,
+ id: string,
+ props: ConfigurationSetDeliveryOptionsProps,
+ ) {
+ super(scope, id)
+
+ new cr.AwsCustomResource(this, "Resource", {
+ policy: cr.AwsCustomResourcePolicy.fromStatements([
+ new iam.PolicyStatement({
+ actions: ["ses:PutConfigurationSetDeliveryOptions"],
+ resources: ["*"],
+ }),
+ ]),
+ // Handles both onCreate and onUpdate
+ onUpdate: {
+ service: "SES",
+ action: "putConfigurationSetDeliveryOptions",
+ parameters: {
+ ConfigurationSetName: props.configurationSetName,
+ DeliveryOptions: {
+ TlsPolicy: props.tlsPolicy,
+ },
+ },
+ physicalResourceId: cr.PhysicalResourceId.of(
+ props.configurationSetName,
+ ),
+ },
+ onDelete: {
+ service: "SES",
+ action: "putConfigurationSetDeliveryOptions",
+ parameters: {
+ ConfigurationSetName: props.configurationSetName,
+ },
+ },
+ })
+ }
+}
diff --git a/src/ses/index.ts b/src/ses/index.ts
index 2267fcf3..03e598b3 100644
--- a/src/ses/index.ts
+++ b/src/ses/index.ts
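Review bot: The IAM statement for the custom resource grants `ses:PutConfigurationSetDeliveryOptions` on `resources: ["*"]`, so the handler role can change the TLS policy of every configuration set in the account rather than only `props.configurationSetName`. If SES accepts a configuration-set ARN for this action, scope it with `resources: [Stack.of(this).formatArn({ service: "ses", resource: "configuration-set", resourceName: props.configurationSetName })]` (needs `Stack` from `aws-cdk-lib`); if it does not, a comment saying why the wildcard is required would help the next reviewer. The `onDelete` call sends no `DeliveryOptions`, which presumably resets the set to the SES default, so removing this construct stops enforcing TLS without any trace in the code; a comment such as `// Omitting DeliveryOptions resets the TLS policy to the SES default` above `onDelete` would make that explicit. The accompanying snapshot also shows `InstallLatestAwsSdk: true`, meaning the handler downloads the SDK when it runs at deploy time; consider passing `installLatestAwsSdk: false` if the SDK bundled with the Lambda runtime already supports this action.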
@@ -5,3 +5,4 @@ export {
 ConfigurationSetSnsDestinationEventType,
 ConfigurationSetSnsDestination,
 } from "./configurationsetsnsdestination"
+export { ConfigurationSetDeliveryOptions } from "./configurationsetdeliveryoptions"
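Review bot: Only the construct is re-exported on the added line, so `ConfigurationSetDeliveryOptionsProps` and `TlsPolicy`, both exported from the new module, cannot be imported from the `ses` barrel. The neighbouring export visible in this hunk re-exports `ConfigurationSetSnsDestinationEventType` alongside its construct, so the consistent form would be `export { ConfigurationSetDeliveryOptions, ConfigurationSetDeliveryOptionsProps, TlsPolicy } from "./configurationsetdeliveryoptions"`. The start of that neighbouring export block lies outside the hunk, so whether its props type is also re-exported cannot be seen from here.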