Update ses addon module to have better SPF records (#21879)

This helps prevent invite emails from Fleet going to spam instead of someone's inbox.
fleetdm · Sep 9, 2024 · 4fb0fd5 · 4fb0fd5
1 parent e57876a
commit 4fb0fd5
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/terraform/addons/ses/main.tf b/terraform/addons/ses/main.tf
@@ -1,3 +1,10 @@
+locals {
+  spf_domains = [
+    aws_ses_domain_identity.default.domain,
+    "_amazonses.${aws_ses_domain_identity.default.domain}"
+  ]
+}
+
 resource "aws_ses_domain_identity" "default" {
   domain = var.domain
 }
@@ -19,11 +26,12 @@ resource "aws_route53_record" "amazonses_dkim_record" {
 
 
 resource "aws_route53_record" "spf_domain" {
-  zone_id = var.zone_id
-  name    = "_amazonses.${aws_ses_domain_identity.default.domain}"
-  type    = "TXT"
-  ttl     = "600"
-  records = ["v=spf1 include:amazonses.com -all"]
+  for_each = toset(local.spf_domains)
+  zone_id  = var.zone_id
+  name     = each.key
+  type     = "TXT"
+  ttl      = "600"
+  records  = ["v=spf1 include:amazonses.com -all"]
 }
 
 resource "aws_iam_policy" "main" {

diff --git a/terraform/addons/ses/variables.tf b/terraform/addons/ses/variables.tf
@@ -4,6 +4,6 @@ variable "domain" {
 }
 
 variable "zone_id" {
-  type = string
+  type        = string
   description = "Route53 Zone ID"
 }