gitea_admin/qvest-task
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3821f45d63
qvest-task/terraform/ses.tf
aviyadeveloper 890a23e8d5
Some checks failed
Update Automation Tests / Integration Tests (pull_request) Failing after 40s
Details
feat: complete CI/CD automation and fix deployment issues 
Infrastructure & Permissions:
- Set recovery_window_in_days=0 on secrets for immediate deletion on destroy
- Add secretsmanager:UpdateSecret permission to EC2 IAM role
- Move SES secret definition from ses.tf to secrets.tf for better organization
- Create scripts/empty-s3-bucket.sh to handle versioned S3 object deletion
- Update Makefile to use S3 cleanup script in full-destroy target

Gitea Admin User Automation:
- Remove non-functional GITEA_ADMIN_* environment variables from docker-compose.yml
- Add CLI-based admin user creation via docker exec in deploy-gitea.yml
- Add database update to disable must_change_password requirement
- Fix runner token API call to use GET instead of POST

Runner Setup Fixes:
- Change runner gitea_instance to http://localhost:3000 (was failing with public URL)
- Fix registration to work from same host as Gitea

Domain Migration:
- Change domain from gitea.poll-streams.com to git.poll-streams.com
- Update DNS, docker-compose, nginx configs, ansible inventory, and SSL setup
- Enables fresh SSL certificate (avoids Let's Encrypt rate limit)

All changes enable zero-to-one deployment: make full-destroy && make full-deploy
2026-06-11 17:16:51 +02:00

45 lines
1.1 KiB
HCL
Raw Blame History

# ============================================================================
# AWS SES Configuration
# ============================================================================
# Configures AWS Simple Email Service for sending alert notifications
# Email identity for sending alerts
resource "aws_ses_email_identity" "alert_email" {
email = var.alert_email
}
# IAM user for SMTP authentication
resource "aws_iam_user" "ses_smtp_user" {
name = "${var.project_name}-ses-smtp-user"
path = "/system/"
tags = {
Name = "${var.project_name}-ses-smtp-user"
}
}
# Policy allowing the SMTP user to send emails via SES
resource "aws_iam_user_policy" "ses_smtp_user_policy" {
name = "${var.project_name}-ses-smtp-policy"
user = aws_iam_user.ses_smtp_user.name
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"ses:SendEmail",
"ses:SendRawEmail"
]
Resource = "*"
}
]
})
}
# Access key for SMTP authentication
resource "aws_iam_access_key" "ses_smtp_access_key" {
user = aws_iam_user.ses_smtp_user.name
}
Reference in New Issue View Git Blame Copy Permalink