
[SES VPC Endpoints] Incorrect Service Name for HTTPS VPC Endpoints #31669

Open
@vinmvn


Describe the bug

When creating SES VPC endpoints using AWS CDK, the generated endpoints are for com.amazonaws.ap-southeast-2.email-smtp, rather than the expected com.amazonaws.ap-southeast-2.email service name, which supports HTTPS for SES.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Version

No response

Expected Behavior

The SES VPC endpoint generated by the CDK should have the service name com.amazonaws.ap-southeast-2.email, which corresponds to the HTTPS service, not the SMTP service. The SES service endpoint in the CDK is generating an endpoint with com.amazonaws.ap-southeast-2.email-smtp, which is incorrect when HTTPS is intended.

Current Behavior

The code snippet below creates an SES VPC endpoint in CDK, but the generated resource references the com.amazonaws.ap-southeast-2.email-smtp service:

ses_vpc_endpoint = ec2.InterfaceVpcEndpoint(
    self, "SESEMAILENDPOINTTEST",
    vpc=vpc,
    service=ec2.InterfaceVpcEndpointAwsService.SES,
    private_dns_enabled=True,
    subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED)
)

The expected resource should reference com.amazonaws.ap-southeast-2.email, but instead, the output is:

"serviceName": "com.amazonaws.ap-southeast-2.email-smtp"

Reproduction Steps

Both of these CDK snippets generate the same serviceName (ec2.InterfaceVpcEndpointAwsService.EMAIL_SMTP and ec2.InterfaceVpcEndpointAwsService.SES):

ses_vpc_endpoint = ec2.InterfaceVpcEndpoint(
    self, "SESSMTPENDPOINTTEST",
    vpc=vpc,
    service=ec2.InterfaceVpcEndpointAwsService.SES,
    private_dns_enabled=True,
    subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED)
)

ses_vpc_endpoint = ec2.InterfaceVpcEndpoint(
    self, "SESSMTPENDPOINTTEST",
    vpc=vpc,
    service=ec2.InterfaceVpcEndpointAwsService.EMAIL_SMTP,
    private_dns_enabled=True,
    subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PRIVATE_ISOLATED)
)

Upon synthesis, both resources in the generated CloudFormation stack result in the same serviceName:

"serviceName": "com.amazonaws.ap-southeast-2.email-smtp"

Possible Solution

The CDK should generate the correct service name when ec2.InterfaceVpcEndpointAwsService.SES is used. The service name should point to the HTTPS endpoint com.amazonaws.ap-southeast-2.email, rather than the SMTP service.

Additional Information/Context

No response

CDK CLI Version

2.121.1

Framework Version

No response

Node.js Version

v20.17.0

OS

macOS Sonoma 14.5

Language

Python

Language Version

3.10.13

Other information

No response
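
An added example, not part of the original issue or of the CDK code base: a check over a synthesized CloudFormation template that compares the service name of each AWS::EC2::VPCEndpoint with the one intended, so an endpoint that resolves to email-smtp where email was meant is caught before deployment. The template fragment, logical IDs and function names are constructed for illustration; the check handles both a literal ServiceName and the Fn::Join form with a region reference.

```python
# Constructed sample: fragment of a synthesized template (logical IDs are hypothetical).
TEMPLATE = {"Resources": {
    "SesApiEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
        "ServiceName": "com.amazonaws.ap-southeast-2.email-smtp"}},
    "SesSmtpEndpoint": {"Type": "AWS::EC2::VPCEndpoint", "Properties": {
        "ServiceName": {"Fn::Join": ["", [
            "com.amazonaws.", {"Ref": "AWS::Region"}, ".email-smtp"]]}}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

# Intended service suffix per endpoint: "email" (HTTPS API) or "email-smtp" (SMTP).
EXPECTED = {"SesApiEndpoint": "email", "SesSmtpEndpoint": "email-smtp"}


def resolve(value, region):
    """Resolve a literal string, Ref AWS::Region, or Fn::Join of those to text."""
    if isinstance(value, str):
        return value
    if isinstance(value, dict):
        if value.get("Ref") == "AWS::Region":
            return region
        if "Fn::Join" in value:
            sep, parts = value["Fn::Join"]
            return sep.join(resolve(p, region) for p in parts)
    raise ValueError(f"unsupported intrinsic: {value!r}")


def endpoint_services(template, region):
    """Map logical ID -> resolved ServiceName for every VPC endpoint resource."""
    return {
        lid: resolve(res["Properties"]["ServiceName"], region)
        for lid, res in template.get("Resources", {}).items()
        if res.get("Type") == "AWS::EC2::VPCEndpoint"
    }


def mismatches(template, expected, region):
    """Return {logical_id: (wanted, actual)} where the synthesized name differs."""
    actual = endpoint_services(template, region)
    found = {}
    for lid, suffix in expected.items():
        wanted = f"com.amazonaws.{region}.{suffix}"
        if actual.get(lid) != wanted:
            found[lid] = (wanted, actual.get(lid))
    return found


if __name__ == "__main__":
    for lid, (wanted, got) in mismatches(TEMPLATE, EXPECTED, "ap-southeast-2").items():
        print(f"{lid}: expected {wanted}, synthesized {got}")
```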

Labels: @aws-cdk/aws-ses (Related to Amazon Simple Email Service), bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p2
