Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-ses: add grant methods to EmailIdentity #29083

Closed
1 of 2 tasks
karaken12 opened this issue Feb 12, 2024 · 1 comment · Fixed by #29084
Closed
1 of 2 tasks

aws-ses: add grant methods to EmailIdentity #29083

karaken12 opened this issue Feb 12, 2024 · 1 comment · Fixed by #29084
Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@karaken12
Copy link
Contributor

Describe the feature

Add a general grant method to EmailIdentity objects, as well as a more specific method for the send email action.

Use Case

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

Proposed Solution

Implement a grant and a grantSendEmail method on EmailIdentity (and IEmailIdentity), so that the above use can be accomplished with a simple

    const emailIdentity = new EmailIdentity(this, 'Identity', {
      identity: Identity.email('test@example.com')
    });
    emailIdentity.grantSendEmail(grantee);

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.126.0

Environment details (OS name and version, etc.)

Ubuntu 22.04
@karaken12 karaken12 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 12, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ses Related to Amazon Simple Email Service label Feb 12, 2024
@karaken12 karaken12 mentioned this issue Feb 12, 2024
Merged
1 task
@kaizencc kaizencc added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 12, 2024
@mergify mergify bot closed this as completed in #29084 Feb 13, 2024
mergify bot pushed a commit that referenced this issue Feb 13, 2024
@karaken12
feat(ses): grant methods to IEmailIdentity (#29084)
c3c771c 
### Issue

Closes #29083

### Reason for this change

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

```
  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })
```

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

### Description of changes

Added `grant` and `grantSendEmail` to `IEmailIdentity`, and added a common abstract class, `BaseEmailIdentity` with the relevant grant code. This is to avoid code duplication between the full `EmailIdentity` and the `Import` class.

### Description of how you validated changes

Tests added for grants on both new and imported email identities, and a test to validate the `grantSendEmail` method.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

GavinZZ pushed a commit that referenced this issue Feb 22, 2024
@karaken12 @GavinZZ
feat(ses): grant methods to IEmailIdentity (#29084)

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode
b601446 
### Issue

Closes #29083

### Reason for this change

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

```
  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })
```

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

### Description of changes

Added `grant` and `grantSendEmail` to `IEmailIdentity`, and added a common abstract class, `BaseEmailIdentity` with the relevant grant code. This is to avoid code duplication between the full `EmailIdentity` and the `Import` class.

### Description of how you validated changes

Tests added for grants on both new and imported email identities, and a test to validate the `grantSendEmail` method.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot mentioned this issue Mar 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ses): grant methods to IEmailIdentity karaken12/aws-cdk
2 participants
@karaken12 @kaizencc