I have a configuration with autoscaled Fargate containers. Emails are sent properly when using SES (Simple Email Service) in a configuration with a public subnet or with a NAT configuration. When the containers are moved to a private subnet with an SES endpoint interface, emails are no longer sent. The two options below give connection timeout messages:

  1. For Java mail with the code as in https://docs.aws.amazon.com/ses/latest/DeveloperGuide/examples-send-using-smtp.html, the error is:

     Couldn't connect to host, port: email-smtp.eu-central-1.amazonaws.com, 587; timeout -1

  2. For aws-java-sdk-ses:

     Unable to execute HTTP request: Connect to email.eu-central-1.amazonaws.com:443 [email.eu-central-1.amazonaws.com/...] failed: Connect timed out

The VPC endpoint for SES is configured similarly to the one for EC2 at https://aws.amazon.com/blogs/aws/new-amazon-simple-email-service-ses-for-vpc-endpoints/ . Is there anything required to associate SES traffic from the containers with the endpoint interface when the containers' IPs are not known in advance (only the IP range is known)?

Mirek

1 Answer

Finally solved - in case it can help anyone, port 587 needs to be open in the inbound rules of the VPC endpoint's security group.

Mirek
  • I'm currently having the same issue. Could you please be a little more clear on what you mean here? Are you saying that, based on the security group created in the guide you linked, it is missing a step? What I think you're saying is to also add inbound connections for port 587 on the security group added to the email-smtp VPC endpoint, is that correct? – After_Sunset Jul 25 '22 at 12:53
  • Furthermore, you reference an SMTP error code with port 587 and then you reference an aws-java-sdk-ses error code on port 443. Does this solution fix one and not the other? If so, which one? – After_Sunset Jul 25 '22 at 12:58
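The check described in the answer, as an added example that is not part of the original post: it evaluates whether a VPC endpoint's security group admits inbound TCP 587 from the task subnet range (or from the tasks' security group), which covers the case where only the IP range is known. The group IDs, CIDRs and helper names are constructed; the dictionary mirrors the shape returned by `aws ec2 describe-security-groups`.

```python
import ipaddress

# Constructed sample: endpoint security group that only admits HTTPS,
# in the shape of one "SecurityGroups" entry from describe-security-groups.
ENDPOINT_SG = {
    "GroupId": "sg-0endpoint000000000",  # constructed ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}

def rule_covers_port(rule, port):
    """True if the rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":          # "all traffic" rule has no ports
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def inbound_allowed(sg, port, source_cidr=None, source_sg=None):
    """Does `sg` admit TCP `port` from the whole source CIDR or source group?"""
    src = ipaddress.ip_network(source_cidr) if source_cidr else None
    for rule in sg.get("IpPermissions", []):
        if not rule_covers_port(rule, port):
            continue
        for rng in rule.get("IpRanges", []):
            allowed = ipaddress.ip_network(rng["CidrIp"])
            # The entire task range must sit inside the allowed range.
            if src and src.version == allowed.version and src.subnet_of(allowed):
                return True
        for pair in rule.get("UserIdGroupPairs", []):
            if source_sg and pair.get("GroupId") == source_sg:
                return True
    return False

def with_smtp_rule(sg, source_cidr, port=587):
    """Return a copy of `sg` with an inbound rule for the SMTP port added."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": source_cidr}], "UserIdGroupPairs": []}
    return {**sg, "IpPermissions": sg["IpPermissions"] + [rule]}

if __name__ == "__main__":
    tasks = "10.0.12.0/24"  # constructed private subnet used by the tasks
    print("before:", inbound_allowed(ENDPOINT_SG, 587, source_cidr=tasks))
    fixed = with_smtp_rule(ENDPOINT_SG, tasks)
    print("after: ", inbound_allowed(fixed, 587, source_cidr=tasks))
```

Scoping the rule to the task subnet CIDR or to the tasks' security group keeps the endpoint closed to the rest of the VPC while still working for containers whose addresses are assigned at launch.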