From eb312b1f07ae80428b17b8a3a9f1266751499fb3 Mon Sep 17 00:00:00 2001 From: Joel Balcaen Date: Mon, 25 Mar 2024 15:52:02 -0300 Subject: [PATCH 1/3] remove environment var --- lambdas/email_receipt_confirmation/lambda.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lambdas/email_receipt_confirmation/lambda.tf b/lambdas/email_receipt_confirmation/lambda.tf index 1bda07a..4b4e341 100644 --- a/lambdas/email_receipt_confirmation/lambda.tf +++ b/lambdas/email_receipt_confirmation/lambda.tf @@ -25,10 +25,6 @@ module "lambda_function_container_image" { role_name = "${local.lambda_function_name}-role" attach_policy_statements = true - environment_variables = { - RECEIPT_REPLY_TEXT = "" - } - policy_statements = { log_group = { effect = "Allow" From 19f7d710d85eca911cd789ec99054337a3a9d80f Mon Sep 17 00:00:00 2001 From: Joel Balcaen Date: Mon, 25 Mar 2024 16:31:58 -0300 Subject: [PATCH 2/3] try wildcard --- lambdas/email_receipt_confirmation/lambda.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lambdas/email_receipt_confirmation/lambda.tf b/lambdas/email_receipt_confirmation/lambda.tf index 4b4e341..cf7a16f 100644 --- a/lambdas/email_receipt_confirmation/lambda.tf +++ b/lambdas/email_receipt_confirmation/lambda.tf @@ -1,6 +1,6 @@ locals { lambda_function_name = "email-receipt-confirmation-dev" - ses_arn = "arn:aws:ses:us-east-1:446872271111:identity/lab.levio.cloud" + ses_arn = "arn:aws:ses:${var.aws_region}:${data.aws_caller_identity.current.account_id}/lab.levio.cloud/*:*" timeout = 30 runtime = "python3.11" powertools_layer_arn = "arn:aws:lambda:${var.aws_region}:017000801446:layer:AWSLambdaPowertoolsPythonV2:67" @@ -53,6 +53,7 @@ module "lambda_function_container_image" { effect = "Allow" resources = [local.ses_arn] actions = ["ses:SendEmail"] + principal = "ses.amazonaws.com" } } } From 6c43b2241da3226885f980cdebcf92940adcc197 Mon Sep 17 00:00:00 2001 
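Review bot: The new `ses_arn` local in the first hunk of PATCH 2/3 is not a well-formed SES identity ARN: it drops the `:identity/` resource-type segment and appends `/*:*`, so the `ses:SendEmail` statement that uses `local.ses_arn` will most likely match no identity and sends will be denied. If the aim was only to stop hard-coding the region and account, keep the identity form, `ses_arn = "arn:aws:ses:${var.aws_region}:${data.aws_caller_identity.current.account_id}:identity/lab.levio.cloud"`, which also keeps the grant scoped to one sending identity instead of a wildcard. The `data.aws_caller_identity.current` declaration is not visible in this hunk, so confirm it exists in the module. PATCH 3/3 leaves this value unchanged.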
From: Joel Balcaen Date: Mon, 25 Mar 2024 17:17:03 -0300 Subject: [PATCH 3/3] add allowed triggers to event receipt confirmation --- lambdas/email_receipt_confirmation/lambda.tf | 8 ++++++++ lambdas/email_receipt_confirmation/variables.tf | 11 +++++++++++ terraform/modules.tf | 2 ++ 3 files changed, 21 insertions(+) diff --git a/lambdas/email_receipt_confirmation/lambda.tf b/lambdas/email_receipt_confirmation/lambda.tf index cf7a16f..373957a 100644 --- a/lambdas/email_receipt_confirmation/lambda.tf +++ b/lambdas/email_receipt_confirmation/lambda.tf @@ -53,7 +53,15 @@ module "lambda_function_container_image" { effect = "Allow" resources = [local.ses_arn] actions = ["ses:SendEmail"] + } + } + + + allowed_triggers = { + ses = { principal = "ses.amazonaws.com" + source_arn = "arn:aws:ses:${var.aws_region}:${data.aws_caller_identity.current.account_id}:receipt-rule-set/${var.rule_set_name}:receipt-rule/${var.chat_rule_name}" } } + } diff --git a/lambdas/email_receipt_confirmation/variables.tf b/lambdas/email_receipt_confirmation/variables.tf index 7eeeed4..de01bf0 100644 --- a/lambdas/email_receipt_confirmation/variables.tf +++ b/lambdas/email_receipt_confirmation/variables.tf @@ -7,3 +7,14 @@ variable "aws_region" { type = string nullable = false } + + +variable "rule_set_name" { + type = string + nullable = false +} + +variable "chat_rule_name" { + type = string + nullable = false +} \ No newline at end of file diff --git a/terraform/modules.tf b/terraform/modules.tf index b9c3d7a..8aba475 100644 --- a/terraform/modules.tf +++ b/terraform/modules.tf @@ -223,4 +223,6 @@ module "email_receipt_confirmation" { source = "../lambdas/email_receipt_confirmation" lambda_storage_bucket = aws_s3_bucket.lambda_storage.id aws_region = var.aws_region + rule_set_name = local.rule_set_name + chat_rule_name = local.chat_rule_name }
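Review bot: The `ses` entry in `allowed_triggers` (lambda.tf hunk) restricts the invoke permission by `source_arn` only; AWS's example for letting an SES receipt rule invoke Lambda pins the account as well, so add `source_account = data.aws_caller_identity.current.account_id` next to `source_arn`. Because `source_arn` is assembled from `var.rule_set_name` and `var.chat_rule_name`, a wrong or renamed rule yields a permission that never matches, so a short comment such as `# Only the inbound chat receipt rule may invoke this function` would help the next reader. The enclosing module block starts outside the hunk, so whether `publish` is set, which the module's version-qualified trigger permissions may depend on, cannot be checked from here.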
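Review bot: `rule_set_name` and `chat_rule_name` in variables.tf are declared without a `description`, and `nullable = false` still accepts an empty string, which would be interpolated into the trigger's `source_arn` in lambda.tf. Add a description, for example `description = "Name of the SES receipt rule set containing the rule allowed to invoke this function"`, and a `validation` block with `condition = length(var.rule_set_name) > 0` (likewise for `chat_rule_name`). The file also ends without a trailing newline.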