- Newest
- Most votes
- Most comments
This question is a few months old, so I'm wondering if there has been any movement toward more completely supporting certain AWS services, including SES, with IPv6 endpoints. It's kind of crazy that they're charging for IPv4 addresses, implying it's a limited resource; but at the same time not really completing the ability to support IPv6-only EC2 instances by making them able to connect to all the surrounding managed services.
That page Dmytro linked has a table "Services that support IPv6" which includes only services that have some form of IPv6 support, so because SES isn't listed at all it means it has no IPv6 support. As I commented before though, the scope of "no IPv6 support" is a bit ambiguous to me as to whether that's referring only to the service API or provisioned resources like smtp endpoints as well. So I checked at https://docs.aws.amazon.com/general/latest/gr/ses.html where SMTP endpoint domain names are listed, and tried "nslookup" on the us-east-1 ones - email-smtp.us-east-1.amazonaws.com and email-smtp-fips.us-east-1.amazonaws.com. These both returned only IPv4 addresses so I'm convinced that the SMTP endpoints don't support IPv6.
Thanks! Would be nice if someone from AWS could confirm. It seems odd that something as simple as email sending doesn't work with IPv6.
A possible solution would be to use NAT Gateway or NAT Instance on public network https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html (cheaper, tested)
It does not. However, you can create an SMTP endpoint for your VPC so that your EC2 instances can send emails using their private IPv4 addresses. Here are the steps:
- Create a smtp-endpoint Security Group, allowing Port 587 to/from 0.0.0.0/0
- Go to VPC > Endpoints
- Create a new Endpoint for the smtp service (e.g. email-smtp.us-east-1.amazonaws.com) for the desired VPC
- Assign all subnets within the desired VPC
- Check the security group created in step 0
If you have done everything correctly, then nslookup for your endpoint should return a private IP, and you should be able to see a 220 response from telnet, as well. E.g.
- nslookup email-smtp.us-east-1.amazonaws.com
- telnet email-smtp.us-east-1.amazonaws.com 587
I have the same problem. I tried Laney Stroup's solution. I got positive responses with nslookup and telnet but sending emails still doesn't work. In my case i use javascript AWS-SDK/client-ses
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 7 months ago
I find the page you linked isn't very well written. Is it talking about IPv6 support of AWS Service APIs, or connections to provisioned services themselves (e.g. the smtp endpoint in this case) or both? For example I think the page is saying that the SES API doesn't support IPv6, but I'm not sure whether it's providing any information about the smtp endpoint at all.
Where do you specifically see that SES is not supported on that page? I don't see it. Or is it because, it is not listed at all?