You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Environment variables should be set for DISCOURSE_SMTP_ADDRESS, DISCOURSE_SMTP_USER_NAME, DISCOURSE_SMTP_PASSWORD.
Also think that SES construct could stand to be more clear. The IAM user, even though it's created by the specifically by the SES module, is named {region}-{stack}-instance. This seems like a vague name. Also, consumers of the secret only need the username and password. The secret access key should not need to be in the secret, and a more clear key name would be "smtp_username" as opposed "access_key_id".
Looking at the existing SES construct, it feels like every child resource created by it is exposed as a property. This makes things difficult to know what information from it is critical (too much exposed). You have to know the name of the generated secret to consume that information. The ID of that secret should be exposed as a property.
The lack of the information regarding the SES secret also makes it tricky because we have to inject the ARN of the credentials secret into the Asg construct to allow the EC2 access to it.
Might also be useful to add a VPC endpoint. See here (aws/aws-cdk#9386)
The text was updated successfully, but these errors were encountered:
Environment variables should be set for DISCOURSE_SMTP_ADDRESS, DISCOURSE_SMTP_USER_NAME, DISCOURSE_SMTP_PASSWORD.
Also think that SES construct could stand to be more clear. The IAM user, even though it's created by the specifically by the SES module, is named {region}-{stack}-instance. This seems like a vague name. Also, consumers of the secret only need the username and password. The secret access key should not need to be in the secret, and a more clear key name would be "smtp_username" as opposed "access_key_id".
Looking at the existing SES construct, it feels like every child resource created by it is exposed as a property. This makes things difficult to know what information from it is critical (too much exposed). You have to know the name of the generated secret to consume that information. The ID of that secret should be exposed as a property.
The lack of the information regarding the SES secret also makes it tricky because we have to inject the ARN of the credentials secret into the Asg construct to allow the EC2 access to it.
Might also be useful to add a VPC endpoint. See here (aws/aws-cdk#9386)
The text was updated successfully, but these errors were encountered: