feat: add removal policy for domains and ensure default for removal policy is always DESTROY for domains and email addresses to keep backward compatibility

Author: seeebiii

API.md

@@ -60,6 +60,7 @@ new VerifySesDomain(this, 'SesDomainVerification', {
  * `addDkimRecord` Whether to automatically add DKIM records to the hosted zone of your domain. This only works if your domain is managed by Route53. Otherwise disable it. Default: `true`.
  * `notificationTopic` An SNS topic where bounces, complaints or delivery notifications can be sent to. If none is provided, a new topic will be created and used for provided notification types.
  * `notificationTypes` Select for which notification types you want to configure a topic. Default: `[Bounce, Complaint]`.
+ * `removalPolicy` Set a `RemovalPolicy` if you want to retain the resources. Default: `DESTROY`
 
 ### Verify an Email Address
 
@@ -73,6 +74,7 @@ new VerifySesEmailAddress(this, 'SesEmailVerification', {
 
  * `emailAddress` The email address to be verified, e.g. `hello@example.org`.
  * `region` An optional AWS region to validate the email address. Default: The custom resource will be created in the stack region.
+ * `removalPolicy` Set a `RemovalPolicy` if you want to retain the resources. Default: `DESTROY`
 
 ## Contributing
 

README.md

@@ -1,4 +1,4 @@
-import { CfnOutput, Fn } from 'aws-cdk-lib';
+import { CfnOutput, Fn, RemovalPolicy } from 'aws-cdk-lib';
 import { CnameRecord, HostedZone, IHostedZone, MxRecord, TxtRecord } from 'aws-cdk-lib/aws-route53';
 import { ITopic, Topic } from 'aws-cdk-lib/aws-sns';
 import { AwsCustomResource, PhysicalResourceId } from 'aws-cdk-lib/custom-resources';
@@ -56,6 +56,12 @@ export interface IVerifySesDomainProps {
    * @default [Bounce, Complaint]
    */
   readonly notificationTypes?: NotificationType[];
+  /**
+   * Whether to DESTROY or RETAIN the domain on removal.
+   *
+   * @default DESTROY
+   */
+  readonly removalPolicy?: RemovalPolicy;
 }
 
 /**
@@ -87,9 +93,10 @@ export class VerifySesDomain extends Construct {
       addTxtRecord,
       addMxRecord,
       addDkimRecords,
+      removalPolicy,
     } = props;
 
-    const verifyDomainIdentity = this.verifyDomainIdentity(domainName);
+    const verifyDomainIdentity = this.verifyDomainIdentity(domainName, removalPolicy);
     this.notificationTopic = this.createTopicOrUseExisting(domainName, verifyDomainIdentity, notificationTopic);
     this.addTopicToDomainIdentity(domainName, this.notificationTopic, notificationTypes);
 
@@ -113,7 +120,7 @@ export class VerifySesDomain extends Construct {
     }
   }
 
-  private verifyDomainIdentity(domainName: string): AwsCustomResource {
+  private verifyDomainIdentity(domainName: string, removalPolicy?: RemovalPolicy): AwsCustomResource {
     return new AwsCustomResource(this, 'VerifyDomainIdentity', {
       onCreate: {
         service: 'SES',
@@ -131,7 +138,7 @@ export class VerifySesDomain extends Construct {
         },
         physicalResourceId: PhysicalResourceId.fromResponse('VerificationToken'),
       },
-      onDelete: {
+      onDelete: removalPolicy === RemovalPolicy.RETAIN ? undefined : {
         service: 'SES',
         action: 'deleteIdentity',
         parameters: {

src/verify-ses-domain.ts

@@ -19,7 +19,7 @@ export interface IVerifySesEmailAddressProps {
   /**
    * Whether to DESTROY or RETAIN the email address on removal.
    *
-   * @default RETAIN
+   * @default DESTROY
    */
   readonly removalPolicy?: RemovalPolicy;
 }
@@ -52,14 +52,14 @@ export class VerifySesEmailAddress extends Construct {
         physicalResourceId: PhysicalResourceId.of('verify-' + emailAddress),
         region,
       },
-      onDelete: RemovalPolicy.DESTROY == removalPolicy ? {
+      onDelete: removalPolicy === RemovalPolicy.RETAIN ? undefined : {
         service: 'SES',
         action: 'deleteIdentity',
         parameters: {
           Identity: emailAddress,
         },
         region,
-      } : undefined,
+      },
       policy: generateSesPolicyForCustomResource('VerifyEmailIdentity', 'DeleteIdentity'),
     });
   }