- Newest
- Most votes
- Most comments
The .api.aws SMTP endpoints work over IPv6, just replace .amazonaws.com with that
https://docs.aws.amazon.com/general/latest/gr/ses.html#ses_smtp_endpoints
This question is a few months old, so I'm wondering if there has been any movement toward more completely supporting certain AWS services, including SES, with IPv6 endpoints. It's kind of crazy that they're charging for IPv4 addresses, implying it's a limited resource; but at the same time not really completing the ability to support IPv6-only EC2 instances by making them able to connect to all the surrounding managed services.
Hi,
According to the link AWS SES doesn't have IPv6 support.
I find the page you linked isn't very well written. Is it talking about IPv6 support of AWS Service APIs, or connections to provisioned services themselves (e.g. the smtp endpoint in this case) or both? For example I think the page is saying that the SES API doesn't support IPv6, but I'm not sure whether it's providing any information about the smtp endpoint at all.
Where do you specifically see that SES is not supported on that page? I don't see it. Or is it because, it is not listed at all?
It looks like the page has been updated to show IPv6 support for AWS SES. However, it is strange that you have to use the .api.aws ending rather than the amazonaws.com ending for nslookup (see Dark's answer). Any chance AWS can change this?
That page Dmytro linked has a table "Services that support IPv6" which includes only services that have some form of IPv6 support, so because SES isn't listed at all it means it has no IPv6 support. As I commented before though, the scope of "no IPv6 support" is a bit ambiguous to me as to whether that's referring only to the service API or provisioned resources like smtp endpoints as well. So I checked at https://docs.aws.amazon.com/general/latest/gr/ses.html where SMTP endpoint domain names are listed, and tried "nslookup" on the us-east-1 ones - email-smtp.us-east-1.amazonaws.com and email-smtp-fips.us-east-1.amazonaws.com. These both returned only IPv4 addresses so I'm convinced that the SMTP endpoints don't support IPv6.
Thanks! Would be nice if someone from AWS could confirm. It seems odd that something as simple as email sending doesn't work with IPv6.
It does not. However, you can create an SMTP endpoint for your VPC so that your EC2 instances can send emails using their private IPv4 addresses. Here are the steps:
- Create a smtp-endpoint Security Group, allowing Port 587 to/from 0.0.0.0/0
- Go to VPC > Endpoints
- Create a new Endpoint for the smtp service (e.g. email-smtp.us-east-1.amazonaws.com) for the desired VPC
- Assign all subnets within the desired VPC
- Check the security group created in step 0
If you have done everything correctly, then nslookup for your endpoint should return a private IP, and you should be able to see a 220 response from telnet, as well. E.g.
- nslookup email-smtp.us-east-1.amazonaws.com
- telnet email-smtp.us-east-1.amazonaws.com 587
NOTE: I abandoned this solution, as the private endpoints for AWS SES were too pricey.
A possible solution would be to use NAT Gateway or NAT Instance on public network https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html (cheaper, tested)
I have the same problem. I tried Laney Stroup's solution. I got positive responses with nslookup and telnet but sending emails still doesn't work. In my case i use javascript AWS-SDK/client-ses
Relevant content
- asked 6 months ago
- AWS OFFICIALUpdated 8 months ago
Good to know! Can you confirm that sending emails via AWS SES works using this solution?
It is strange that the normal amazonaws.com endpoints do not allow IPv6 lookup. Hopefully AWS will update this at some point, as this requirement is not listed on their IPv6 support page (https://docs.aws.amazon.com/vpc/latest/userguide/aws-ipv6-support.html).