aws-cdk

fix: set the correct port for the SES SMTP service endpoint

Open johnf opened this issue 6 months ago • 1 comments

Issue # (if applicable)

I didn't create an issue; I went straight to a PR.

Reason for this change

const sesEndpoint = new ec2.InterfaceVpcEndpoint(this, 'SESEndpoint', {
  service: ec2.InterfaceVpcEndpointAwsService.EMAIL_SMTP,
  vpc,
  subnets: {
    subnets,
  },
});

The endpoint helper automatically creates a security group with port 443. The EMAIL_SMTP helper should set this to 587.

Description of changes

I've updated the definition to pass in the correct port overriding the default.

I've worked around this in my own code by not using the predefined helper

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Tested by hand

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

johnf avatar Jun 18 '25 13:06 johnf
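
A check for the mismatch described in the PR description above, run over a synthesized CloudFormation template: it flags SES SMTP interface endpoints whose security groups admit no traffic on TCP 587. This is an added example, not code from the PR or from aws-cdk; the sample template, its logical IDs and the function names are constructed for illustration.

```typescript
type Json = { [key: string]: any };

// Constructed sample shaped like `cdk synth` output; logical IDs are made up.
const sampleTemplate: Json = {
  Resources: {
    SESEndpointSecurityGroup: {
      Type: 'AWS::EC2::SecurityGroup',
      Properties: {
        SecurityGroupIngress: [{ IpProtocol: 'tcp', FromPort: 443, ToPort: 443, CidrIp: '10.0.0.0/16' }],
      },
    },
    SESEndpoint: {
      Type: 'AWS::EC2::VPCEndpoint',
      Properties: {
        VpcEndpointType: 'Interface',
        ServiceName: 'com.amazonaws.us-west-2.email-smtp',
        SecurityGroupIds: [{ 'Fn::GetAtt': ['SESEndpointSecurityGroup', 'GroupId'] }],
      },
    },
  },
};

// True when an ingress rule lets TCP traffic reach `port`.
function admitsTcpPort(rule: Json, port: number): boolean {
  const proto = String(rule.IpProtocol);
  if (proto === '-1') return true; // all protocols, all ports
  return (proto === 'tcp' || proto === '6') && rule.FromPort <= port && port <= rule.ToPort;
}

// Logical IDs of email-smtp endpoints where no attached security group has an
// inline ingress rule for `port` (standalone ingress resources are not followed).
function findSmtpEndpointsMissingPort(template: Json, port: number = 587): string[] {
  const resources: Json = template.Resources || {};
  return Object.keys(resources).filter((id: string) => {
    const res: Json = resources[id];
    if (res.Type !== 'AWS::EC2::VPCEndpoint') return false;
    const props: Json = res.Properties || {};
    // ServiceName may be an Fn::Join when the stack is region-agnostic.
    if (!/\.email-smtp/.test(JSON.stringify(props.ServiceName))) return false;
    const groups: Json[] = props.SecurityGroupIds || [];
    return !groups.some((ref: Json) => {
      const target = (ref['Fn::GetAtt'] || [])[0];
      const sg: Json = resources[target] || {};
      const rules: Json[] = (sg.Properties || {}).SecurityGroupIngress || [];
      return rules.some((r: Json) => admitsTcpPort(r, port));
    });
  });
}
```

On the sample, which models the 443-only group the helper creates, the function returns `['SESEndpoint']`; once the ingress rule covers 587 it returns an empty list.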

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

  • Resume work on the PR
  • OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
  • OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 14 days if no action is taken.

aws-cdk-automation avatar Jul 10 '25 00:07 aws-cdk-automation

I restricted the VPC integ test to us-west-2 as the SES endpoint is not available in all subnets of us-east-1. Happy to take a different approach with some guidance.

johnf avatar Jul 14 '25 09:07 johnf

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 852e4482dae4b43a03f33f14660094dc7b336ffe
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

aws-cdk-automation avatar Jul 14 '25 10:07 aws-cdk-automation

Hi @johnf The change looks good to me, I'll approve it but you will also need to rebase and solve the conflicts on this one

alvazjor avatar Sep 11 '25 08:09 alvazjor

@johnf This PR is just waiting on a rebase, but since there are conflicts, it needs to be done on your side. Will you have time to take a look and fix the conflicts?

alvazjor avatar Oct 01 '25 09:10 alvazjor

@alvazjor I'll give it another try over the weekend. I was having issues running the tests. It tends to run too many in parallel, blowing out my 32GB of RAM!

Also at least when I run them there are lots of broken tests (at least there were a few weeks back)

johnf avatar Oct 01 '25 21:10 johnf

I'm recreating the integration snapshots now. Please note

Failed: /home/johnf/dev/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js
!!! This test contains destructive changes !!!
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcEcrDockerEndpoint0385050C - Impact: WILL_REPLACE
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcDynamoDbInterfaceEndpointA97B3149 - Impact: WILL_REPLACE
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcCloudwatchLogsEndpointB1C11ADC - Impact: WILL_REPLACE
!!! If these destructive changes are necessary, please indicate this on the PR !!!

This is due to the region change mentioned above

johnf avatar Oct 06 '25 02:10 johnf

@alvazjor I can't manage to get the integration tests to run. I keep getting:

  FAILED     aws-ec2/test/integ.vpc-endpoint.lit-integ.vpc-endpoint.lit (undefined/us-east-1) 213.262s
      Integration test failed: ToolkitError: ❌  aws-cdk-ec2-vpc-endpoint failed: ToolkitError: The stack named aws-cdk-ec2-vpc-endpoint failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "The Vpc Endpoint Service 'com.amazonaws.vpce.us-east-1.vpce-svc-123456' does not exist (Service: Ec2, Status Code: 400, Request ID: 045fd614-df4a-4f76-8c4f-a2db5622f297) (SDK Attempt Count: 1)" (RequestToken: a6327d9b-b644-b3ed-dc70-86384097198b, HandlerErrorCode: InvalidRequest)

johnf avatar Oct 06 '25 02:10 johnf

@johnf I will try to reproduce the change on my end and deploy the tests to see if I also get the same issue.

alvazjor avatar Oct 08 '25 08:10 alvazjor

Hi @johnf ! Sorry for the late reply, can you run the integ test with the --dry-run option instead? This will update the snapshots without deploying to an AWS account. You can then push the updated snapshots to this PR and we'll try to deploy it ourselves.

Abogical avatar Nov 04 '25 11:11 Abogical

> Hi @johnf ! Sorry for the late reply, can you run the integ test with the --dry-run option instead? This will update the snapshots without deploying to an AWS account. You can then push the updated snapshots to this PR and we'll try to deploy it ourselves.

Done

johnf avatar Nov 05 '25 22:11 johnf