我正在尝试通过我在 Fargate 的容器上运行的 Java 应用程序发送电子邮件。我的容器在 API 网关后面的 VPC 中运行,与外部服务的连接是通过 VPC 端点建立的。
所有这些基础设施都是使用 Terraform 部署的。Java 应用程序在本地运行正常,但在部署到 AWS 时不能,所以我认为缺少一个配置。
Java 应用程序遵循此处的 AWS 指南:
https://docs.aws.amazon.com/ses/latest/dg/send-email-raw.html
以下是 Terraform 代码的一些尖峰:
# SECURITY GROUPS
resource "aws_security_group" "security_group_containers" {
name = "security_group_containers_${var.project_name}_${var.environment}"
vpc_id = var.vpc_id
ingress {
protocol = "-1"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
self = true
}
egress {
protocol = "-1"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "security_group_containers_${var.project_name}_${var.environment}"
}
}
resource "aws_security_group" "security_group_ses" {
name = "security_group_ses_${var.project_name}_${var.environment}"
vpc_id = var.vpc_id
ingress {
protocol = "-1"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
egress {
protocol = "-1"
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "security_group_ses_${var.project_name}_${var.environment}"
}
}
# VPC
resource "aws_vpc" "main" {
cidr_block = var.cidr
enable_dns_support = true
enable_dns_hostnames = true
}
resource "aws_subnet" "private_subnet" {
vpc_id = aws_vpc.main.id
cidr_block = var.private_subnets[0]
availability_zone = "us-east-1b"
tags = {
Name= "private_subnet_${var.project_name}_${var.environment}"
}
}
# VPC ENDPOINT
resource "aws_vpc_endpoint" "ses_endpoint" {
security_group_ids = [aws_security_group.security_group_ses]
service_name = "com.amazonaws.${var.aws_region}.email-smtp"
vpc_endpoint_type = "Interface"
subnet_ids = [aws_subnet.private_subnet.id]
private_dns_enabled = true
tags = {
"Name" = "vpc_endpoint_ses_${var.project_name}_${var.environment}"
}
vpc_id = aws_vpc.main.id
}
如果缺少任何重要的服务,请告诉我,以便我添加。
如您所见,我保持所有流量开放,因此此处找到的解决方案不适用于我。当应用程序尝试发送电子邮件时,出现以下错误:
software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Connect to email.us-east-1.amazonaws.com:443 [email.us-east-1.amazonaws.com/52.0.170.238, email.us-east-1.amazonaws.com/54.234.96.52, email.us-east-1.amazonaws.com/34.239.37.81, email.us-east-1.amazonaws.com/18.208.125.60, email.us-east-1.amazonaws.com/52.204.223.71, email.us-east-1.amazonaws.com/18.235.72.5, email.us-east-1.amazonaws.com/18.234.10.182, email.us-east-1.amazonaws.com/44.194.249.132] failed: connect timed out
我认为我缺少一些配置来使 java awssdk 使用 VPC 端点。
编辑 01 - 添加执行策略:
arn:aws:iam::aws:policy/AmazonSESFullAccess
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:*"
],
"Resource": "*"
}
]
}
arn:aws:iam::aws:policy/AmazonECS_FullAccess(太大)
arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
编辑 02 - 更改为使用 SMTP 库:
使用的代码可以在这里找到
使用 SMTP 一切正常
您已为 SES SMTP API 创建了一个 VPC 终端节点,但您收到的错误消息email.us-east-1.amazonaws.com:443是针对 AWS SES Service API。您可以在此处查看两组 API 。如果您在 Java 应用程序中使用 AWS 开发工具包与 SES 交互,则需要将 VPC 终端节点更改为service_name = "com.amazonaws.${var.aws_region}.email"
如果您将 Java 应用程序配置为使用 SMTP(例如使用 JavaMail API),您当前的端点配置将起作用。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句