feat: Split up ses service depending on identity type

Author: Marco Franceschi

src/enums/schemasMap.ts

@@ -103,7 +103,8 @@ export default {
   [services.sageMakerProject]: 'awsSageMakerProject',
   [services.s3]: 'awsS3',
   [services.secretsManager]: 'awsSecretsManager',
-  [services.ses]: 'awsSes',
+  [services.sesEmail]: 'awsSesEmail',
+  [services.sesDomain]: 'awsSesDomain',
   [services.sns]: 'awsSns',
   [services.systemsManagerInstance]: 'awsSystemsManagerInstance',
   [services.systemsManagerDocument]: 'awsSystemsManagerDocument',

src/enums/serviceMap.ts

@@ -102,7 +102,8 @@ import SageMakerProject from '../services/sageMakerProject'
 import SecretsManager from '../services/secretsManager'
 import AwsSecurityGroup from '../services/securityGroup'
 import SecurityHub from '../services/securityHub'
-import SES from '../services/ses'
+import SESEmail from '../services/sesEmail'
+import SESDomain from '../services/sesDomain'
 import SNS from '../services/sns'
 import SQS from '../services/sqs'
 import AwsSubnet from '../services/subnet'
@@ -217,7 +218,8 @@ export default {
   [services.s3]: S3,
   [services.secretsManager]: SecretsManager,
   [services.securityHub]: SecurityHub,
-  [services.ses]: SES,
+  [services.sesEmail]: SESEmail,
+  [services.sesDomain]: SESDomain,
   [services.iamAccessAnalyzer]: IamAccessAnalyzer,
   [services.iamUser]: IamUser,
   [services.iamGroup]: IamGroup,

src/enums/services.ts

@@ -101,7 +101,8 @@ export default {
   s3: 's3',
   secretsManager: 'secretsManager',
   securityHub: 'securityHub',
-  ses: 'ses',
+  sesEmail: 'sesEmail',
+  sesDomain: 'sesDomain',
   sg: 'sg',
   sns: 'sns',
   sqs: 'sqs',

src/services/account/schema.graphql

@@ -102,7 +102,8 @@ type awsAccount implements awsOptionalService @key(fields: "id") {
   systemsManagerDocuments: [awsSystemsManagerDocument]
   systemsManagerInstances: [awsSystemsManagerInstance]
   systemsManagerParameters: [awsSystemsManagerParameter]
-  ses: [awsSes]
+  sesEmail: [awsSesEmail]
+  sesDomain: [awsSesDomain]
   sns: [awsSns]
   sqs: [awsSqs]
   subnets: [awsSubnet]

src/services/cognitoUserPool/connections.ts

@@ -5,7 +5,7 @@ import { isEmpty } from 'lodash'
 import services from '../../enums/services'
 import { sesArn } from '../../utils/generateArns'
 import { RawAwsLambdaFunction } from '../lambda/data'
-import { RawAwsSes } from '../ses/data'
+import { RawAwsSesEmail } from '../sesEmail/data'
 import { RawAwsIamRole } from '../iamRole/data'
 import { AwsKms } from '../kms/data'
 
@@ -121,20 +121,20 @@ export default ({
    * related to this cognito user pool
    */
   const emailConfigSourceArn = emailConfiguration?.SourceArn
-  const emails = data.find(({ name }) => name === services.ses)
+  const emails = data.find(({ name }) => name === services.sesEmail)
 
   if (emailConfigSourceArn && emails?.data?.[region]) {
-    const emailInRegion: RawAwsSes = emails.data[region].find(
-      ({ Identity }: RawAwsSes) =>
-        emailConfigSourceArn === sesArn({ region, account, email: Identity })
+    const emailInRegion: RawAwsSesEmail = emails.data[region].find(
+      ({ Identity }: RawAwsSesEmail) =>
+        emailConfigSourceArn === sesArn({ region, account, identity: Identity })
     )
 
     if (emailInRegion) {
       connections.push({
-        id: sesArn({ region, account, email: emailInRegion.Identity }),
-        resourceType: services.ses,
+        id: sesArn({ region, account, identity: emailInRegion.Identity }),
+        resourceType: services.sesEmail,
         relation: 'child',
-        field: 'ses',
+        field: 'sesEmail',
       })
     }
   }

src/services/cognitoUserPool/schema.graphql

@@ -122,7 +122,7 @@ type awsCognitoUserPool implements awsBaseService @key(fields: "id") {
   lambdas: [awsLambda] @hasInverse(field: cognitoUserPools)
   appSync: [awsAppSync] @hasInverse(field: cognitoUserPool)
   kms: [awsKms] @hasInverse(field: cognitoUserPools)
-  ses: [awsSes] @hasInverse(field: cognitoUserPools)
+  sesEmail: [awsSesEmail] @hasInverse(field: cognitoUserPools)
   iamRole: [awsIamRole] @hasInverse(field: cognitoUserPools)
   elasticSearchDomains: [awsElasticSearchDomain] @hasInverse(field: cognitoUserPool)
 }

src/services/ses/mutation.ts

@@ -0,0 +1,126 @@
+import SES, {
+  ListIdentitiesResponse,
+  IdentityVerificationAttributes,
+  GetIdentityVerificationAttributesResponse,
+} from 'aws-sdk/clients/ses'
+import { AWSError } from 'aws-sdk/lib/error'
+import { Config } from 'aws-sdk/lib/config'
+
+import CloudGraph from '@cloudgraph/sdk'
+import groupBy from 'lodash/groupBy'
+import isEmpty from 'lodash/isEmpty'
+
+import awsLoggerText from '../../properties/logger'
+import { initTestEndpoint } from '../../utils'
+import AwsErrorLog from '../../utils/errorLog'
+
+const lt = { ...awsLoggerText }
+const { logger } = CloudGraph
+const serviceName = 'SES Domain'
+const errorLog = new AwsErrorLog(serviceName)
+const endpoint = initTestEndpoint(serviceName)
+
+
+/**
+ * SES Domains
+ */
+export interface RawAwsSesDomain extends IdentityVerificationAttributes {
+  Identity: string
+  region: string
+}
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{ [property: string]: RawAwsSesDomain[] }> =>
+  new Promise(async resolve => {
+    const sesData: RawAwsSesDomain[] = []
+    const regionPromises = []
+    const identityVerificationPromises = []
+
+    regions.split(',').map(region => {
+      const regionPromise = new Promise<void>(resolveRegion => {
+        const ses = new SES({ ...config, region, endpoint })
+
+        ses.listIdentities(
+          { IdentityType: 'Domain' },
+          (err: AWSError, data: ListIdentitiesResponse) => {
+            /**
+             * No Data for the region
+             */
+            if (isEmpty(data)) {
+              return resolveRegion()
+            }
+
+            if (err) {
+              errorLog.generateAwsErrorLog({
+                functionName: 'sesDomain:listIdentities',
+                err,
+              })
+            }
+
+            const { Identities }: { Identities: string[] } = data
+
+            /**
+             * No Identities Found
+             */
+
+            if (isEmpty(Identities)) {
+              return resolveRegion()
+            }
+
+            logger.debug(lt.fetchedSesIdentities(Identities.length))
+
+            const identityVerificationPromise = new Promise<void>(
+              resolveIdVer => {
+                ses.getTemplate()
+                ses.getIdentityVerificationAttributes(
+                  { Identities },
+                  (
+                    err: AWSError,
+                    {
+                      VerificationAttributes: identities,
+                    }: GetIdentityVerificationAttributesResponse
+                  ) => {
+                    if (err) {
+                      errorLog.generateAwsErrorLog({
+                        functionName: 'sesDomain:getIdentityVerificationAttributes',
+                        err,
+                      })
+                    }
+
+                    if (!isEmpty(identities)) {
+                      sesData.push(
+                        ...Identities.map(Identity => ({
+
+                          Identity,
+                          ...identities[Identity],
+                          region,
+                        }))
+                      )
+                    }
+
+                    resolveIdVer()
+                    resolveRegion()
+                  }
+                )
+                ses.listConfigurationSets()
+              }
+            )
+            identityVerificationPromises.push(identityVerificationPromise)
+          }
+        )
+      })
+      regionPromises.push(regionPromise)
+    })
+
+    await Promise.all(regionPromises)
+
+    await Promise.all(identityVerificationPromises)
+    errorLog.reset()
+
+    resolve(groupBy(sesData, 'region'))
+  })

src/services/ses/schema.graphql

@@ -0,0 +1,32 @@
+import { RawAwsSesDomain } from './data'
+import { AwsSesDomain } from '../../types/generated'
+import { sesArn } from '../../utils/generateArns'
+
+/**
+ * SES Domain
+ */
+
+export default ({
+  service,
+  account,
+  region,
+}: {
+  service: RawAwsSesDomain
+  account: string
+  region: string
+}): AwsSesDomain => {
+  const {
+    Identity: domain,
+    VerificationStatus: verificationStatus,
+  } = service
+  const arn = sesArn({ region, account, identity: domain })
+
+  return {
+    id: arn,
+    accountId: account,
+    arn,
+    region,
+    domain,
+    verificationStatus,
+  }
+}