add email sending permissions to task role

harvard-edtech · Nov 15, 2024 · 95bd887 · 95bd887
1 parent ea33a92
commit 95bd887
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### Added
+
+- task role now gets SES permissions to send email
+
 ### Modified
 
 - dropped node v12 and v14 from testing matrix; added v20

diff --git a/cdk/lib/taskdef.ts b/cdk/lib/taskdef.ts
@@ -1,6 +1,7 @@
 import {
   aws_ecs as ecs,
   aws_logs as logs,
+  aws_iam as iam,
   Stack,
   RemovalPolicy,
   CfnOutput,
@@ -63,6 +64,14 @@ export class CacclTaskDef extends Construct {
       memoryLimitMiB: taskMemory,
     });
 
+    const sendEmailPolicy = new iam.PolicyStatement({
+      actions: ['ses:SendEmail', 'ses:SendRawEmail'],
+      resources: ['*'],
+    });
+
+    this.taskDef.addToTaskRolePolicy(sendEmailPolicy);
+    this.appOnlyTaskDef.addToTaskRolePolicy(sendEmailPolicy);
+
     // params for the fargate service's app container
     const appContainerParams = {
       image: appContainerImage.image,