|
@@ -126,25 +126,21 @@ resource "aws_iam_user" "ses_user" {
|
|
|
path = "/service_accounts/"
|
|
|
}
|
|
|
|
|
|
+data "aws_iam_policy_document" "policy" {
|
|
|
+ statement {
|
|
|
+ sid = ""
|
|
|
+ effect = "Allow"
|
|
|
+ # tfsec:ignore:aws-iam-no-policy-wildcards Allows use by the entire account
|
|
|
+ resources = ["*"]
|
|
|
+ actions = ["ses:SendRawEmail"]
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
resource "aws_iam_user_policy" "ses_user" {
|
|
|
name = "ses_user_policy"
|
|
|
user = aws_iam_user.ses_user.name
|
|
|
|
|
|
- policy = <<EOF
|
|
|
-{
|
|
|
- "Version": "2012-10-17",
|
|
|
- "Statement": [
|
|
|
- {
|
|
|
- "Action": [
|
|
|
- "ses:SendRawEmail"
|
|
|
- ],
|
|
|
- "Effect": "Allow",
|
|
|
- # tfsec:ignore:aws-iam-no-policy-wildcards Allows use by the entire account
|
|
|
- "Resource": "*"
|
|
|
- }
|
|
|
- ]
|
|
|
-}
|
|
|
-EOF
|
|
|
+ policy = data.aws_iam_policy_document.policy.json
|
|
|
}
|
|
|
|
|
|
#------------------------------------
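Review bot: The new `statement` keeps `resources = ["*"]` for `ses:SendRawEmail` and suppresses the tfsec wildcard finding, so the credentials of `ses_user` can send as any verified identity in the account, and a leaked service-account key would inherit that reach. If account-wide scope is not actually required, list the specific SES identity ARNs in `resources`. Alternatively, keep the wildcard and bound the sender with a `condition` on `ses:FromAddress`, as sketched below (the domain is a placeholder). Separately, `sid = ""` carries no information and could be dropped or given a descriptive value, and naming the data source `ses_user` instead of `policy` would match the two resources it serves.

```hcl
  statement {
    # … unchanged: effect, tfsec ignore comment, resources, actions …
    condition {
      test     = "StringLike"
      variable = "ses:FromAddress"
      values   = ["*@<SENDER_DOMAIN_PLACEHOLDER>"]
    }
  }
```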
|