I have a configuration with autoscaled Fargate containers. Emails are sent properly when using SES (Simple Email Service) in a configuration with a public subnet or with a NAT configuration. When containers are moved to a private subnet with an SES endpoint interface, emails are no longer sent. The two options below give connection timeout messages:
- For Java mail with the code as in https://docs.aws.amazon.com/ses/latest/DeveloperGuide/examples-send-using-smtp.html, the error is:
Couldn't connect to host, port: email-smtp.eu-central-1.amazonaws.com, 587; timeout -1
- For aws-java-sdk-ses:
Unable to execute HTTP request: Connect to email.eu-central-1.amazonaws.com:443 [email.eu-central-1.amazonaws.com/...] failed: Connect timed out
The VPCE endpoint for SES is configured similarly to the one for EC2 at https://aws.amazon.com/blogs/aws/new-amazon-simple-email-service-ses-for-vpc-endpoints/. Is there anything required to associate SES traffic from containers to the endpoint interface when the containers' IPs are not known in advance (only the IP range is known)?
Finally solved - in case it can help anyone, port 587 needs to be open in the inbound rules of the VPC endpoint's security group.
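
A way to check for the misconfiguration described above, as an added example that is not part of the original post: it inspects a security group in the shape returned by `aws ec2 describe-security-groups` and reports whether inbound TCP 587 is admitted from the Fargate tasks. The group IDs, CIDRs and function names are constructed placeholders. Referencing the tasks' security group as the rule source covers the case where task IPs are not known in advance.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and CIDRs are placeholders, not values from the post.
ENDPOINT_SG = {
    "GroupId": "sg-0endpointEXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}
TASK_SG_ID = "sg-0tasksEXAMPLE"   # security group attached to the Fargate tasks
TASK_CIDR = "10.0.1.0/24"         # private subnet the tasks run in


def rule_covers_port(rule, port):
    """True if an inbound rule applies to TCP `port` ("-1" means all protocols)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", -1) <= port <= rule.get("ToPort", -1)


def endpoint_allows(sg, port, task_sg_id=None, task_cidr=None):
    """True if sg admits inbound TCP `port` from the task SG or the whole task CIDR."""
    task_net = ipaddress.ip_network(task_cidr) if task_cidr else None
    for rule in sg.get("IpPermissions", []):
        if not rule_covers_port(rule, port):
            continue
        pairs = rule.get("UserIdGroupPairs", [])
        if task_sg_id and any(p.get("GroupId") == task_sg_id for p in pairs):
            return True
        ranges = rule.get("IpRanges", [])
        if task_net and any(
                task_net.subnet_of(ipaddress.ip_network(r["CidrIp"])) for r in ranges):
            return True
    return False


def with_smtp_rule(sg, task_sg_id, port=587):
    """Return a copy of sg with an inbound rule for `port` sourced from the task SG."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "UserIdGroupPairs": [{"GroupId": task_sg_id}]}
    return {**sg, "IpPermissions": sg["IpPermissions"] + [rule]}


if __name__ == "__main__":
    print("587 before:", endpoint_allows(ENDPOINT_SG, 587, TASK_SG_ID, TASK_CIDR))
    fixed = with_smtp_rule(ENDPOINT_SG, TASK_SG_ID)
    print("587 after: ", endpoint_allows(fixed, 587, TASK_SG_ID, TASK_CIDR))
```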