Add SES receiving

cloudnativedaysjp · May 27, 2023 · 89580d2 · 89580d2
1 parent fd15c00
commit 89580d2
Show file tree

Hide file tree

Showing 6 changed files with 230 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,5 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+terraform.tfvars
diff --git a/mail/.gitignore b/mail/.gitignore
@@ -0,0 +1 @@
+lambda_function_payload.zip
diff --git a/mail/.terraform.lock.hcl b/mail/.terraform.lock.hcl
diff --git a/mail/lambda_function.py b/mail/lambda_function.py
@@ -0,0 +1,56 @@
+import os
+import boto3
+import logging
+import json
+import urllib.request
+from collections import OrderedDict
+import pprint
+from email import policy
+from email.parser import BytesParser
+
+s3_client = boto3.client('s3')
+ses_client = boto3.client('ses')
+logger = logging.getLogger()
+logger.setLevel(logging.INFO)
+s3_bucket = os.environ['S3_BUCKET']
+webhook_url = os.environ['SLACK_WEBHOOK_URL']
+#forward_to = os.environ['FORWARD_TO']
+
+def post_slack(from_address, subject, message):
+    send_data = {
+        'text': 'From: {}\nSubject: {}\n\n{}'.format(from_address, subject, message)
+    }
+
+
+    send_text = json.dumps(send_data)
+    request = urllib.request.Request(
+        webhook_url, 
+        data=send_text.encode('utf-8'), 
+        method="POST"
+    )
+    with urllib.request.urlopen(request) as response:
+        response_body = response.read().decode('utf-8')
+
+def lambda_handler(event, context):
+    logger.info(event)
+    message_id=event['Records'][0]['ses']['mail']['messageId']
+    response = s3_client.get_object(
+        Bucket = s3_bucket,
+        Key    = message_id
+    )
+    # Emlデータ取得
+    raw_message = response['Body'].read()
+
+    # メールの本文のみを抽出
+    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
+    body = ''
+    if msg.is_multipart():
+        for part in msg.iter_parts():
+            if part.get_content_type() == 'text/plain':
+                body = part.get_content()
+    else:
+        body = msg.get_content()
+    subject = msg['Subject']
+    from_address = msg['From']
+
+    post_slack(from_address, subject, body)
diff --git a/mail/main.tf b/mail/main.tf
@@ -0,0 +1,120 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+    archive = {
+      source  = "hashicorp/archive"
+      version = "~> 2.3"
+    }
+  }
+  cloud {
+    organization = "cloudnativedaysjp"
+
+    workspaces {
+      name = "mail"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-west-2"
+}
+
+resource "aws_ses_domain_identity" "cnd" {
+  domain = "cloudnativedays.jp"
+}
+
+resource "aws_ses_receipt_rule" "default" {
+  name          = "service-registration"
+  rule_set_name = "cloudnativedays.jp"
+  recipients    = ["[email protected]", "[email protected]"]
+  enabled       = true
+  scan_enabled  = true
+
+  s3_action {
+    bucket_name = "cloudnativedaysjp-received-emails"
+    position    = 1
+  }
+
+  lambda_action {
+    function_arn    = "arn:aws:lambda:us-west-2:607167088920:function:TransterEmail"
+    invocation_type = "Event"
+    position        = 2
+  }
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  statement {
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+
+    actions = ["sts:AssumeRole"]
+  }
+}
+
+resource "aws_iam_policy" "basic_execution_role_policy" {
+  name = "AWSLambdaBasicExecutionRole-f841293c-0f53-4481-9ab7-904d80ca197a"
+  path = "/service-role/"
+
+  policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Action" : "logs:CreateLogGroup",
+        "Resource" : "arn:aws:logs:us-west-2:607167088920:*"
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "logs:CreateLogStream",
+          "logs:PutLogEvents"
+        ],
+        "Resource" : [
+          "arn:aws:logs:us-west-2:607167088920:log-group:/aws/lambda/TransterEmail:*"
+        ]
+      }
+    ]
+  })
+}
+
+resource "aws_iam_role" "iam_for_transfer_email" {
+  name               = "TransterEmail-role-wj50wj4h"
+  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+  path               = "/service-role/"
+  managed_policy_arns = [
+    aws_iam_policy.basic_execution_role_policy.arn,
+    "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+  ]
+}
+
+data "archive_file" "lambda" {
+  type        = "zip"
+  source_file = "lambda_function.py"
+  output_path = "lambda_function_payload.zip"
+}
+
+resource "aws_lambda_function" "transfer_email" {
+  filename      = "lambda_function_payload.zip"
+  function_name = "TransterEmail"
+  role          = aws_iam_role.iam_for_transfer_email.arn
+  handler       = "lambda_function.lambda_handler"
+
+  source_code_hash = data.archive_file.lambda.output_base64sha256
+
+  runtime = "python3.10"
+  publish = true
+
+  environment {
+    variables = {
+      S3_BUCKET         = var.s3_bucket_name,
+      SLACK_WEBHOOK_URL = var.slack_webhook_url
+    }
+  }
+}
diff --git a/mail/variables.tf b/mail/variables.tf
@@ -0,0 +1,6 @@
+variable "s3_bucket_name" {
+  default = "bucket"
+}
+variable "slack_webhook_url" {
+
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -27,3 +27,5 @@ override.tf.json

		# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
		# example: tfplan

		terraform.tfvars