Remove the need for email domains to be set

deployments/main.tf

@@ -71,12 +71,11 @@ module "dpe-sandbox-spacelift-development" {
   enable_otel_ingress    = true
   ssl_hostname           = "a09a38cc5a8d6497ea69c6bf6318701b-1974793757.us-east-1.elb.amazonaws.com"
 
-  auth0_jwks_uri         = "https://dev-sage-dpe.us.auth0.com/.well-known/jwks.json"
-  
+  auth0_jwks_uri = "https://dev-sage-dpe.us.auth0.com/.well-known/jwks.json"
+
   ses_email_identities = ["aws-dpe-dev@sagebase.org"]
-  ses_email_domains    = ["sagebase.org"]
   # Defines the email address that will be used as the sender of the email alerts
-  smtp_from            = "aws-dpe-dev@sagebase.org"
+  smtp_from = "aws-dpe-dev@sagebase.org"
 }
 
 module "dpe-sandbox-spacelift-production" {
@@ -123,5 +122,4 @@ module "dpe-sandbox-spacelift-production" {
   auth0_jwks_uri         = ""
 
   ses_email_identities = []
-  ses_email_domains    = []
 }

deployments/spacelift/dpe-k8s/main.tf

@@ -12,7 +12,6 @@ locals {
     azs_eks_control_plane                  = var.azs_eks_control_plane
     azs_eks_worker_nodes                   = var.azs_eks_worker_nodes
     ses_email_identities                   = var.ses_email_identities
-    ses_email_domains                      = var.ses_email_domains
   }
 
   k8s_stack_deployments_variables = {
@@ -31,9 +30,9 @@ locals {
   }
 
   auth0_stack_variables = {
-    cluster_name         = var.cluster_name
-    auth0_domain         = var.auth0_domain
-    auth0_clients        = var.auth0_clients
+    cluster_name  = var.cluster_name
+    auth0_domain  = var.auth0_domain
+    auth0_clients = var.auth0_clients
   }
 
   # Variables to be passed from the k8s stack to the deployments stack
@@ -255,4 +254,4 @@ resource "spacelift_environment_variable" "auth0-stack-environment-variables" {
   name       = "TF_VAR_${each.key}"
   value      = try(tostring(each.value), jsonencode(each.value))
   write_only = false
-}
+}

deployments/spacelift/dpe-k8s/variables.tf

@@ -187,12 +187,6 @@ variable "ses_email_identities" {
   description = "List of email identities to be added to SES"
 }
 
-variable "ses_email_domains" {
-  type        = list(string)
-  description = "List of email domains to be added to SES"
-}
-
-
 variable "smtp_user" {
   description = "The SMTP user. Required if smtp_user, smtp_password, and smtp_from are set"
   type        = string

deployments/stacks/dpe-k8s/main.tf

@@ -41,5 +41,4 @@ module "sage-aws-ses" {
   source = "../../../modules/sage-aws-ses"
 
   email_identities = var.ses_email_identities
-  email_domains    = var.ses_email_domains
-}
+}

deployments/stacks/dpe-k8s/variables.tf

@@ -59,8 +59,3 @@ variable "ses_email_identities" {
   type        = list(string)
   description = "List of email identities to be added to SES"
 }
-
-variable "ses_email_domains" {
-  type        = list(string)
-  description = "List of email domains to be added to SES"
-}

modules/sage-aws-ses/README.md

@@ -1,11 +1,10 @@
 # Purpose
 This module is used to set up SES (Simple email service) in AWS.
 
-By setting a few variables we are able to create a number of Email addresses and Domains
+By setting a few variables we are able to create a number of Email addresses
 to AWS SES. The variables to be set are:
 
 - `email_identities`, example: `["example@sagebase.org"]`
-- `email_domains`, example `["sagebase.org"]`
 
 # Manual steps required
 After running this module a number of manual steps are required as they are external
@@ -15,18 +14,22 @@ processes that need to happen:
 1) Navigate to Amazon SES in the web console
 2) Navigate to `identities`
 3) Choose the Identity to verify
-4) Send a test email and click the link recieved to verify the email
+4) Send a test email and click the link received to verify the email
 
-Optional: Send a test email after verifying to confirm you may recieve emails
+Optional: Send a test email after verifying to confirm you may receive emails
 
+# Request production access
+After creating AWS SES settings the first time you will be in "Sandbox" mode. In order
+to request production access follow the following document: <https://docs.aws.amazon.com/ses/latest/dg/request-production-access.html>
+under the section "To request that your account be removed from the Amazon SES sandbox using the AWS CLI".
 
-## Verify Sending domain
-This is required for each AWS account where AWS SES is going to be set up.
+The command will look something like:
 
-Reading: <https://docs.aws.amazon.com/ses/latest/dg/creating-identities.html#just-verify-domain-proc>
-
-1) Navigate to Amazon SES in the web console
-2) Navigate to `identities`
-3) Choose the Domain to verify
-4) Download the DKIM under `Publish DNS records` and create an IT ticket to add the records
-5) Example IT ticket for reference: <https://sagebionetworks.jira.com/browse/IT-3965>
+```
+aws sesv2 put-account-details \
+--production-access-enabled \
+--mail-type TRANSACTIONAL \
+--website-url https://www.synapse.org/ \
+--additional-contact-email-addresses dpe@sagebase.org \
+--contact-language EN
+```

modules/sage-aws-ses/main.tf

@@ -1,11 +1,6 @@
 resource "aws_ses_email_identity" "identities" {
   for_each = { for identity in var.email_identities : identity => identity }
-  email = each.value
-}
-
-resource "aws_ses_domain_identity" "identities" {
-  for_each = { for identity in var.email_domains : identity => identity }
-  domain = each.value
+  email    = each.value
 }
 
 resource "aws_iam_user" "smtp_user" {

modules/sage-aws-ses/variables.tf

@@ -3,11 +3,6 @@ variable "email_identities" {
   description = "List of email identities to be added to SES"
 }
 
-variable "email_domains" {
-  type        = list(string)
-  description = "List of email domains to be added to SES"
-}
-
 variable "tags" {
   description = "AWS Resource Tags"
   type        = map(string)