Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

aws-ses: add grant methods to EmailIdentity #29083

Closed
1 of 2 tasks
karaken12 opened this issue Feb 12, 2024 · 1 comment · Fixed by #29084
Closed
1 of 2 tasks

aws-ses: add grant methods to EmailIdentity #29083

karaken12 opened this issue Feb 12, 2024 · 1 comment · Fixed by #29084
Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments

@karaken12
Copy link
Contributor

Describe the feature

Add a general grant method to EmailIdentity objects, as well as a more specific method for the send email action.

Use Case

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

Proposed Solution

Implement a grant and a grantSendEmail method on EmailIdentity (and IEmailIdentity), so that the above use can be accomplished with a simple

    const emailIdentity = new EmailIdentity(this, 'Identity', {
      identity: Identity.email('test@example.com')
    });
    emailIdentity.grantSendEmail(grantee);

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.126.0

Environment details (OS name and version, etc.)

Ubuntu 22.04
@karaken12 karaken12 added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Feb 12, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ses Related to Amazon Simple Email Service label Feb 12, 2024
@karaken12 karaken12 mentioned this issue Feb 12, 2024
Merged
1 task
@kaizencc kaizencc added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 12, 2024
@mergify mergify bot closed this as completed in #29084 Feb 13, 2024
mergify bot pushed a commit that referenced this issue Feb 13, 2024
@karaken12
feat(ses): grant methods to IEmailIdentity (#29084)
c3c771c 
### Issue

Closes #29083

### Reason for this change

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

```
  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })
```

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

### Description of changes

Added `grant` and `grantSendEmail` to `IEmailIdentity`, and added a common abstract class, `BaseEmailIdentity` with the relevant grant code. This is to avoid code duplication between the full `EmailIdentity` and the `Import` class.

### Description of how you validated changes

Tests added for grants on both new and imported email identities, and a test to validate the `grantSendEmail` method.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

GavinZZ pushed a commit that referenced this issue Feb 22, 2024
@karaken12 @GavinZZ
feat(ses): grant methods to IEmailIdentity (#29084)
b601446 
### Issue

Closes #29083

### Reason for this change

When granting send email access to a lambda the grant needs to be constructed manually, including constructing the ARN for the identity. e.g.

```
  Grant.addToPrincipal({
    grantee,
    actions: ["ses:SendEmail"],
    resourceArns: [
      this.stack.formatArn({
        service: 'ses',
        resource: 'identity',
        resourceName: 'test@example.com',
      }),
    ],
    scope: this
  })
```

This is dissimilar to other constructs, which generally expose a grant method and one or more convenience methods for particularly relevant groups of actions.

### Description of changes

Added `grant` and `grantSendEmail` to `IEmailIdentity`, and added a common abstract class, `BaseEmailIdentity` with the relevant grant code. This is to avoid code duplication between the full `EmailIdentity` and the `Import` class.

### Description of how you validated changes

Tests added for grants on both new and imported email identities, and a test to validate the `grantSendEmail` method.

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
@github-actions github-actions bot mentioned this issue Mar 1, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-ses Related to Amazon Simple Email Service effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(ses): grant methods to IEmailIdentity karaken12/aws-cdk
2 participants
@karaken12 @kaizencc