From 74566b733df529f446f7463b165315cf1207d5a5 Mon Sep 17 00:00:00 2001
From: Ryan Ahearn
Date: Mon, 17 Oct 2022 15:16:08 -0400
Subject: [PATCH] Add ses module and staging implementation
---
 manifest.yml | 3 +++
 terraform/sandbox/main.tf | 11 ++++++++++
 terraform/shared/ses/main.tf | 29 +++++++++++++++++++++++++
 terraform/shared/ses/providers.tf | 9 ++++++++
 terraform/shared/ses/variables.tf | 36 +++++++++++++++++++++++++++++++
 terraform/staging/main.tf | 12 ++++++++++++
 6 files changed, 100 insertions(+)
 create mode 100644 terraform/shared/ses/main.tf
 create mode 100644 terraform/shared/ses/providers.tf
 create mode 100644 terraform/shared/ses/variables.tf
diff --git a/manifest.yml b/manifest.yml
index ae64daf6c..e8d19a5cb 100644
--- a/manifest.yml
+++ b/manifest.yml
@@ -13,6 +13,9 @@ applications:
 - notify-api-redis-((env))
 - notify-api-csv-upload-bucket-((env))
 - notify-api-contact-list-bucket-((env))
+ - name: notify-api-ses-((env))
+ parameters:
+ notification_webhook: ""
 processes:
 - type: web
diff --git a/terraform/sandbox/main.tf b/terraform/sandbox/main.tf
index 6e8bb11f2..156ba57d3 100644
--- a/terraform/sandbox/main.tf
+++ b/terraform/sandbox/main.tf
@@ -55,3 +55,14 @@ module "egress-space" {
 "steven.reilly@gsa.gov"
 ]
 }
+
+module "ses_email" {
+ source = "../shared/ses"
+
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-ses-${local.env}"
+ recursive_delete = local.recursive_delete
+ aws_region = "us-west-2"
+ email_receipt_error = "notify-support@gsa.gov"
+}
diff --git a/terraform/shared/ses/main.tf b/terraform/shared/ses/main.tf
new file mode 100644
index 000000000..de7ca2a2b
--- /dev/null
+++ b/terraform/shared/ses/main.tf
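Review bot: The new `notify-api-ses-((env))` binding in manifest.yml sets `notification_webhook: ""`, while the shared module added in this same patch turns on `enable_feedback_notifications`, so bounce and complaint feedback appears to have no delivery target yet. How the broker treats an empty string is not visible here. A comment beside the parameter, such as `# TODO: set to the API's SES feedback callback URL (https only)`, would keep the placeholder from shipping unnoticed. Whatever endpoint ends up here should authenticate incoming notifications (for example by verifying the SNS message signature, if the broker delivers through SNS), because the URL alone is not a secret.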
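Review bot: In terraform/sandbox/main.tf, `aws_region = "us-west-2"` places the sandbox SES instance in a commercial region, whereas the staging module in this patch uses `us-gov-west-1`, and the hunk gives no reason for the difference. If the split is deliberate, record it above the argument, e.g. `# sandbox intentionally uses a commercial region: <reason>`, so a later copy of this block into another environment does not carry the region with it.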
@@ -0,0 +1,29 @@
+###
+# Target space/org
+###
+
+data "cloudfoundry_space" "space" {
+ org_name = var.cf_org_name
+ name = var.cf_space_name
+}
+
+###
+# SES instance
+###
+
+data "cloudfoundry_service" "ses" {
+ name = "datagov-smtp"
+}
+
+resource "cloudfoundry_service_instance" "ses" {
+ name = var.name
+ space = data.cloudfoundry_space.space.id
+ service_plan = data.cloudfoundry_service.ses.service_plans["base"]
+ recursive_delete = var.recursive_delete
+ json_params = jsonencode({
+ region = var.aws_region
+ domain = var.email_domain
+ email_receipt_error = var.email_receipt_error
+ enable_feedback_notifications = true
+ })
+}
diff --git a/terraform/shared/ses/providers.tf b/terraform/shared/ses/providers.tf
new file mode 100644
index 000000000..8db86ca90
--- /dev/null
+++ b/terraform/shared/ses/providers.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = "~> 1.0"
+ required_providers {
+ cloudfoundry = {
+ source = "cloudfoundry-community/cloudfoundry"
+ version = "~> 0.15"
+ }
+ }
+}
diff --git a/terraform/shared/ses/variables.tf b/terraform/shared/ses/variables.tf
new file mode 100644
index 000000000..c56468cc6
--- /dev/null
+++ b/terraform/shared/ses/variables.tf
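Review bot: `domain = var.email_domain` in the `json_params` of `cloudfoundry_service_instance.ses` is sent even when the variable keeps its default of `""`, which is what the sandbox caller in this patch does. What the `datagov-smtp` broker does with an empty domain is not visible from here, so the sending identity for that environment is chosen implicitly. Either state the fallback in a comment above the argument, or omit the key when unset by merging `var.email_domain == "" ? {} : { domain = var.email_domain }` into the map passed to `jsonencode`.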
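Review bot: `version = "~> 0.15"` in `required_providers` of terraform/shared/ses/providers.tf accepts every 0.x release from 0.15 upward, and for a pre-1.0 community provider that can include breaking minor releases picked up on the next `terraform init`. Tightening it to `version = "~> 0.15.0"` limits upgrades to patch releases. Whether a `.terraform.lock.hcl` with provider hashes is committed for the calling root modules is not visible in this patch and is worth confirming, since the provider presumably runs with the deployer's cloud.gov credentials.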
@@ -0,0 +1,36 @@
+variable "cf_org_name" {
+ type = string
+ description = "cloud.gov organization name"
+}
+
+variable "cf_space_name" {
+ type = string
+ description = "cloud.gov space name (staging or prod)"
+}
+
+variable "name" {
+ type = string
+ description = "name of the service instance"
+}
+
+variable "recursive_delete" {
+ type = bool
+ description = "when true, deletes service bindings attached to the resource (not recommended for production)"
+ default = false
+}
+
+variable "aws_region" {
+ type = string
+ description = "AWS region the SES instance is in"
+}
+
+variable "email_domain" {
+ type = string
+ default = ""
+ description = "domain name that emails will be coming from"
+}
+
+variable "email_receipt_error" {
+ type = string
+ description = "email address to list in SPF records for errors to be sent to"
+}
diff --git a/terraform/staging/main.tf b/terraform/staging/main.tf
index a2ea6d0d8..c77e5d717 100644
--- a/terraform/staging/main.tf
+++ b/terraform/staging/main.tf
@@ -55,3 +55,15 @@ module "egress-space" {
 "steven.reilly@gsa.gov"
 ]
 }
+
+module "ses_email" {
+ source = "../shared/ses"
+
+ cf_org_name = local.cf_org_name
+ cf_space_name = local.cf_space_name
+ name = "${local.app_name}-ses-${local.env}"
+ recursive_delete = local.recursive_delete
+ aws_region = "us-gov-west-1"
+ email_domain = "sandbox.10x.gsa.gov"
+ email_receipt_error = "notify-support@gsa.gov"
+}
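Review bot: The description of `email_receipt_error` in terraform/shared/ses/variables.tf says the address is listed "in SPF records", but SPF has no field for a reporting address; report addresses belong to DMARC (`rua`/`ruf`). What the broker actually does with the value is not visible here, so confirm it and reword accordingly, e.g. `description = "email address that receives failure reports for the sending domain (published in DMARC)"` if that matches. The `email_domain` description should also say what the default `""` results in, since callers are allowed to omit it.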
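Review bot: `email_domain = "sandbox.10x.gsa.gov"` in terraform/staging/main.tf gives the staging environment a sending domain named after sandbox, while the sandbox module in this patch sets no domain at all. If another environment also sends from that domain, the two may share its DKIM/SPF setup and sender reputation, and recipients or log reviewers cannot tell which environment a message came from. If the name is intentional, record it with a comment such as `# staging sends from the sandbox.10x.gsa.gov zone: <reason>`; otherwise a staging-specific subdomain keeps the environments separable.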