Checked only for Emails. Guessing it is the same for Domains.

What I did

• added manually mail "[email protected]" -> verified
• added manually mail "[email protected]" -> not verified
• included in cdk "[email protected]" + "[email protected]" + "[email protected]"

What happened:

• "[email protected]" remained while cdk deploy, but deleted on cdk destroy
• "[email protected]" remained while cdk deploy, but deleted on cdk destroy
• "[email protected]" added while cdk deploy, but deleted on cdk destroy

Every time i delete the stack all email addresses will be deleted as well as long as they are mentioned in the file.

• no matter if verified or not
• Even though the stack did not create them (been in place before but could theoretically being added by the stack).

I would love some optional parameter to determine if already verified Emails should be removed as well like (deleteVerified?: boolean).

Reasoning: once a mail got deleted, it needs to be verified again once it is added back. Imagine you would have dozens of emails here and need to verify them all over again :)

I'd love to use this. Is there any plan for supporting CDK v2?

Currently if you verify a domain identity there is no way to get the automatically created SNS topic. This means the topic is created, but you can subscribe or do anything particularly useful with it within CDK. It would be great if that were saved on a property so it could be retrieved.

I can't get this to work with python. I have installed the package with pip, pip install ses_verify_identities

a snippet of code in my cdk stack that is relevant for this construct

from ses_verify_identities import VerifySesEmailAddress

VerifySesEmailAddress(self, "SesEmailVerification",
    email_address="[email protected]"
)

the out put error message is

Traceback (most recent call last):
  File "app.py", line 16, in <module>
    AvailCdkDevStack(app, "AvailCdkDevStack",
  File "/Users/josh/Development/avail_cdk_dev/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
  File "/Users/josh/Development/avail_cdk_dev/avail_cdk_dev/avail_cdk_dev_stack.py", line 44, in __init__
    VerifySesEmailAddress(self, "SesEmailVerification",
  File "/Users/josh/Development/avail_cdk_dev/.venv/lib/python3.8/site-packages/jsii/_runtime.py", line 83, in __call__
    inst = super().__call__(*args, **kwargs)
TypeError: __init__() got an unexpected keyword argument 'email_address'
Subprocess exited with error 1

any ideas what Im doing wrong?

I usually use ap-northeast-1 region for AWS development.
Since I need Cognito this time and I can't use SES in ap-northeast-1 to send emails via SES, I will set up SES in us-east-1.

The problem is that we want to set up the SES in ap-northeast-1 with the same domain name.
This is a way to avoid over pacific responses.

I kept trying and trying, but I encountered the following error.

Error: There is already a Construct with name 'SesNotificationTopic' in VerifySesDomain

Probably because of the duplicate ID of the Topic being created in this line

Is there any way to work around this?

As per this comment, it would be great to be able to deploy the VerifySesEmailAddress construct in another AWS region that the stack region.

To be consistent, I also tried to apply the same mechanism to VerifySesDomain, however, it seems to be a little more complicated because of the SNS topic that must probably be in the same region as the email address. Here is the error I had: Received response status [FAILED] from custom resource. Message returned: SNS topic arn:aws:sns:{CUSTOM_REGION}:{ACCOUNT_ID}:{MyStackName}-DnsVerifySesDomainSesNotificationTopicF00EF47D-GEFS7RI2FKFB is invalid.
It would require multiple custom resources, and it might start to be too complicated (at least for my needs).

I'm working on a PR for the VerifySesEmailAddress construct.

Hi,
https://github.com/seeebiii/ses-verify-identities/blob/main/src/verify-ses-domain.ts#L109-L113 this contains a bug.
HostedZone might be different from the domain name.
Let's assume we have a hosed zone named with (example.com), it's highly possible that user may use (aws.example.com) to send out mail.
this package: https://github.com/mooyoul/aws-cdk-ses-domain-identity/blob/master/src/dns-validated-domain-identity.ts#L16-L28 use two separate parameter to make it slightly more configurable.
KL

Add support to also set MAIL FROM domain when calling VerifySesDomain()

Hi,

This is an awesome little library.

It would be awesome if I could define the deletion policy of an email identity as I don't really want it deleted after i remove the stack.
The api call does not seem to care that the identity already exists, so there is no collision in creating it multiple times.

Instead of TXT records the new standard is to use the VerifyDomainDkim API, which returns values that are used to create CNAME records. Documentation for the API is here

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository