Class CpSesSetup

CloudKitect SES Setup Pattern

Default Configuration

Verifies the Domain for sending emails SNS Topic for Monitoring Bounces and Complaint notification Alarms for notification DKIM and SPF Security Setup

Default Alarms

1. BounceRate alarm

   • Risk Level: Medium
   • Well Architected Pillar: Operational Excellence

2. ComplaintRate alarm

   • Risk Level: Medium
   • Well Architected Pillar: Operational Excellence

Note that the default alarm uses the WaAlarm construct, which sets up an alarm action to notify the SNS Topic AlarmEventsTopic by default.

Examples

Default Usage

new CpEmailSetup(this, "LogicalId", {
    cpDomainName: "cloudxler8r.com"
});
Copy

Custom Configuration

new CpEmailSetup(this, "LogicalId", {
   cpDomainName: "cloudxler8r.com"
   ccDoNotAddDefaultAlarms: true
});
Copy

Compliance

It addresses the following compliance requirements

1. Enable DKIM to protect both email senders and receivers against phishing attacks

   • Risk Level: Medium
   • Compliance: NA
   • Well Architected Pillar: Security

2. Ensure All Emails are sent with TLS Encryption

   • Risk Level: Medium
   • Compliance: NA
   • Well Architected Pillar: Security

3. Ensure Sender Policy Framework (SPF) to prevent email spoofing

   • Risk Level: Medium
   • Compliance: NA
   • Well Architected Pillar: Security

4. Only send email via verified identities

   • Risk Level: Low
   • Compliance: APRA, MAS, NIST4
   • Well Architected Pillar: Security