My SES account is out of sandbox. I am trying to send emails with SES using a Python lambda that is in a VPC. I know that the lambda being in a VPC is why I am having a task timeout when trying to run any boto3 SES SDK code. Note: I intend for this lambda to be invoked only through the Lambda console, not through API Gateway or another resource.
I have followed the steps in this article: https://docs.aws.amazon.com/ses/latest/dg/send-email-set-up-vpc-endpoints.html
I assigned subnets to a VPC interface endpoint for the email.smtp service. For the VPC itself, one of the subnets is in an AZ not supported by SES, but I did not assign that subnet to the interface endpoint--I only assigned the other 3 subnets which are supported by SES. The EC2 instance I created was private (only having a private IPv4 address). I included a CIDR of the IPv4 address as the source for the endpoint's security group. With the restricted traffic for port 25, I am using port 587 in the security group's inbound rule. I have not included anything in terms of NAT gateway, Direct Connect, or other resources/services. I am still seeing a task timeout with my boto3 lambda for using SES.
I am not finding any specific guidance on how the route table should be configured for SES. The route table for the VPC has no explicit subnet associations. The subnets without explicit association are all four subnets for the VPC (including the one in an AZ not supported by SES)--I do not know if that matters based on what I shared in the first paragraph.
Is there something additional I need to cover?
Do I need to use special SMTP credentials when integrating with SES this way?
Are there any specific configurations needed in the route table to tie the VPC to SES?
Is there only one EC2 instance needed?
AWS 공식업데이트됨 4년 전
