resource "aws_iam_role" "ses_role" {
  name = "SESFullAccessRole"

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Action = "sts:AssumeRole",
        Principal = {
          Service = "ses.amazonaws.com"
        },
        Effect = "Allow",
        Sid    = ""
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "ses_full_access" {
  role       = aws_iam_role.ses_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSESFullAccess"
}

resource "aws_iam_user" "ses_user" {
  name = "ses_user"
}

resource "aws_iam_access_key" "ses_user_key" {
  user = aws_iam_user.ses_user.name
}

resource "aws_iam_user_policy_attachment" "ses_user_full_access" {
  user       = aws_iam_user.ses_user.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSESFullAccess"
}

resource "aws_ses_domain_identity" "noreply_domain" {
  domain = "incd.ca"
}

resource "aws_ses_email_identity" "noreply_email_address" {
  email = "noreply@incd.ca"
}

output "ses_domain_verification_record" {
  value = aws_ses_domain_identity.noreply_domain.verification_token
}

# If this code ends up being used, be sure to remove the following two outputs
# before using something like Github Actions or any other CI service.
output "iam_access_key_id" {
  value = aws_iam_access_key.ses_user_key.id
}

output "iam_secret_access_key" {
  value = aws_iam_access_key.ses_user_key.secret
}