Since April 2020, AWS supports VPC endpoints for SES (Simple Email Service). Despite this, I cannot get a Lambda to communicate with SES using the endpoint. It always times out. Perhaps this is because the SES VPC endpoints are only supported for EC2 instances in the VPC and not for Lambdas?
I have my infrastructure described using Terraform, as described in this gist. ses_lambda.tf defines the infrastructure and basically implements this guide. sesTest.js is my Lambda function. terraform-show.out shows the result of terraform show limited just to the resources defined by ses_lambda.tf.

As you can see in ses_lambda.tf, the SES endpoint's security group allows all traffic on any SMTP port (25, 465, 587, 2465, or 2587) from any IP in the VPC's CIDR block. So I'm confused about why this doesn't work...
There are many reasons why a function might time out, but the most likely is that it was waiting on an IO operation to complete. Maybe it was waiting on another service (such as DynamoDB or Stripe) to respond. Within a Lambda invocation, the function might perform multiple IO operations.
You can create an interface endpoint for Lambda using either the Amazon VPC console or the AWS Command Line Interface (AWS CLI).
It looks like SES VPC endpoints are SMTP endpoints, not SES API endpoints. The guide is not explicit about it, but it does mention SMTP ports and endpoints.
I created an endpoint and the private DNS name it produced was email-smtp.us-east-1.amazonaws.com (SMTP). The SDK tries to connect to email.us-east-1.amazonaws.com (SES API).
It appears that the solution is to either use SMTP or set up a NAT Gateway.
Update: Confirming that SMTP works over the SES VPC endpoint in Lambda (as expected).
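To make the answer concrete, here is an added example (my own code, not the asker's sesTest.js or anything from the linked gist) of a Lambda handler that sends through the SES SMTP hostname the VPC endpoint actually serves, rather than calling the SES API that the SDK targets. It uses only the Python standard library. The environment variable names (SES_REGION, SES_SMTP_USERNAME, SES_SECRET_KEY, MAIL_FROM, MAIL_TO) are assumptions, and the secret key used in the usage call is AWS's published placeholder, not a real credential. The smtp_password function implements the SigV4-based derivation AWS documents for turning an IAM secret key into an SES SMTP password; the short socket timeout is there so a request to the wrong hostname fails with a clear error instead of letting the whole function time out.

```python
"""Send mail from a Lambda through the SES SMTP VPC endpoint.

Added example, not the original sesTest.js. The SES interface endpoint serves
email-smtp.<region>.amazonaws.com (SMTP), so the handler speaks SMTP over
implicit TLS on port 465 instead of calling email.<region>.amazonaws.com (API).
"""
import base64
import hashlib
import hmac
import os
import smtplib
from email.message import EmailMessage

# Ports the endpoint's security group allows (465/2465 are implicit TLS, the
# others use STARTTLS).
SMTP_PORTS = (25, 465, 587, 2465, 2587)


def smtp_endpoint_host(region: str) -> str:
    """Hostname the SES VPC endpoint answers for; private DNS maps it to the endpoint ENI."""
    return f"email-smtp.{region}.amazonaws.com"


def api_endpoint_host(region: str) -> str:
    """Hostname the AWS SDK uses for the SES API; not served by the SES VPC endpoint."""
    return f"email.{region}.amazonaws.com"


def reachable_via_ses_endpoint(host: str) -> bool:
    """True only for the SMTP hostname, which is why SDK calls from the VPC time out."""
    return host.startswith("email-smtp.") and host.endswith(".amazonaws.com")


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def smtp_password(secret_access_key: str, region: str) -> str:
    """Derive the SES SMTP password from an IAM secret key (AWS's documented derivation).

    The SMTP username is the IAM access key id; only the password is derived.
    """
    key = _sign(("AWS4" + secret_access_key).encode("utf-8"), "11111111")
    for part in (region, "ses", "aws4_request", "SendRawEmail"):
        key = _sign(key, part)
    return base64.b64encode(bytes([0x04]) + key).decode("ascii")  # version byte 0x04


def build_message(sender: str, recipient: str, subject: str, body: str) -> EmailMessage:
    """Build a plain-text RFC 5322 message."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_endpoint(region: str, username: str, password: str,
                      msg: EmailMessage, port: int = 465, timeout: float = 10) -> str:
    """Deliver msg over implicit TLS to the SES SMTP endpoint; returns the host used."""
    host = smtp_endpoint_host(region)
    if port not in SMTP_PORTS:
        raise ValueError(f"port {port} is not an SES SMTP port")
    # A socket timeout well below the Lambda timeout surfaces routing mistakes
    # as an exception rather than a silent function timeout.
    with smtplib.SMTP_SSL(host, port, timeout=timeout) as smtp:
        smtp.login(username, password)
        smtp.send_message(msg)
    return host


def handler(event, context):
    """Lambda entry point (hypothetical environment variable names)."""
    region = os.environ["SES_REGION"]
    msg = build_message(os.environ["MAIL_FROM"], os.environ["MAIL_TO"],
                        "SES VPC endpoint test", "sent via SMTP through the endpoint")
    host = send_via_endpoint(region, os.environ["SES_SMTP_USERNAME"],
                             smtp_password(os.environ["SES_SECRET_KEY"], region), msg)
    return {"statusCode": 200, "body": f"sent via {host}"}


if __name__ == "__main__":
    # Offline demonstration with AWS's placeholder example key (not a real secret).
    print(smtp_endpoint_host("us-east-1"), reachable_via_ses_endpoint(smtp_endpoint_host("us-east-1")))
    print(api_endpoint_host("us-east-1"), reachable_via_ses_endpoint(api_endpoint_host("us-east-1")))
    print(smtp_password("wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "us-east-1"))
```

Deploy this with the Lambda attached to the same VPC subnets as the endpoint and with private DNS enabled on the endpoint, so email-smtp.us-east-1.amazonaws.com resolves to the endpoint's interface rather than a public address. If the function is later switched back to the SDK, expect the timeout to return unless a NAT gateway provides a path to the public API hostname.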