Skip to content

Commit

Permalink
[u] Document moving the SES service out of sandbox once per shared de…
Browse files Browse the repository at this point in the history
…ployment
  • Loading branch information
achave11-ucsc committed Sep 7, 2023
1 parent fd7db7f commit 4edb434
Show file tree
Hide file tree
Showing 2 changed files with 37 additions and 0 deletions.
33 changes: 33 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -641,6 +641,39 @@ These steps are performed once per deployment (multiple times per project).

9. `_refresh`

### 3.2.3 Transition Amazon SES resource out of sandbox

Perform these steps once the cloud insfrastructure has been provisioned for the
shared deployment, section #3.3. Before continuing, make sure that the SES
identity provisioned by Terraform is the deployment's indexer domain, and that
it's listed as verified, in the Verified identities tab, to view from the AWS
SES console.

Run the following AWS CLI command to request for the AWS SES Identity to be
removed from sandbox, this is done in order to avoid having to confirm a
subscription to a recepient soly used for the purpose of monitoring, run::

aws sesv2 put-account-details \
--production-access-enabled \
--mail-type TRANSACTIONAL \
--website-url $(echo "from azul import config; print(config.indexer_endpoint.host)" | python) \
--use-case-description "We would like to use SES to replace our current \
notification infrastructure, which is based on an \
SNS topic with one Google group email subscribed. \
We would only ever send emails to one specific \
email address. Will not send unsolicited email, \
or emails to any other recipient for that matter. \
The reason we want to switch to SES is so that we \
do not have to confirm the subscription of the \
recipient to the SNS topic, because that \
confirmation requires manual intervention which \
prevents us from fully automating our \
infrastructure deployment. Instead we would like \
to have a Lambda function invoked by the SNS \
topic, and have that lambda function send the \
email to the single recipient via SES." \
--contact-language EN

## 3.3 Provisioning cloud infrastructure

Once you've configured the project and your personal deployment or a shared
Expand Down
4 changes: 4 additions & 0 deletions UPGRADING.rst
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,10 @@ Manually deploy the ``shared`` & ``gitlab`` components (in that order)
of any main deployment just before pushing the merge commit to the
GitLab instance in that deployment.

After the merge commit builds on GitLab, follow the instructions in the
README.md, for section 3.2.3 titled `Transition Amazon SES resource out of sandbox`.
This needs to be done for all main deplouments, except the ``dev`` account.


DataBiosphere/azul-private#95 Resolve vulnerabilities in AMI for GitLab
=======================================================================
Expand Down

0 comments on commit 4edb434

Please sign in to comment.