Our company received the same notifications. Here are the steps we tried (the last one was finally successful):
1- We first tried the approach recommended in the email, setting up CloudTrail Lake as described at https://aws.amazon.com/blogs/mt/using-aws-cloudtrail-lake-to-identify-older-tls-connections-to-aws-service-endpoints, but unfortunately, as described here https://docs.aws.amazon.com/ses/latest/dg/logging-using-cloudtrail.html, Amazon SES delivers only management events to CloudTrail, which are different from data events (SendEmail, SendRawEmail, SendTemplatedEmail, SendBulkTemplatedEmail).
2- We then tried to set up a Kinesis Data Firehose event destination as described here https://docs.aws.amazon.com/ses/latest/dg/event-publishing-add-event-destination-firehose.html, but despite being able to analyse message events through Amazon S3, we noticed that the TLS version is not included in the event object.
3- The solution was to run our application in a local environment and set up Wireshark to analyse the outgoing packets, and then we were finally able to identify that we were actually sending SMTP messages over TLSv1. After making the appropriate changes in the application code, we could verify that the new connections were being made over TLSv1.2, which will soon be the minimum supported TLS version.
[Wireshark capture before application code changes]
[Wireshark capture after application code changes]
Hope you can use the same approach to identify the version of the TLS connections your application is using.
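The Wireshark step above comes down to reading two handshake messages: the ClientHello (what the application offers) and the ServerHello (what the endpoint actually picks). The following is an added example, not code from the answer above: it decodes those fields from raw TLS handshake records, including the supported_versions extension, because a TLS 1.2/1.3 client still puts "TLSv1" (0x0301) in the record header, so the record-layer version column in Wireshark is not the negotiated version. The sample records are constructed in the script itself (they are not real captures), and smtp_tls_context() shows the client-side fix the answer alludes to, a Python smtplib client pinned to TLS 1.2 as a minimum; the hostname and port in its docstring are placeholders.

```python
"""Decode the TLS version from ClientHello / ServerHello records (the fields
Wireshark shows after the SMTP STARTTLS upgrade), plus the client-side fix.
Added example, not code from the original post."""
import ssl
import struct

VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
                 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SUPPORTED_VERSIONS_EXT = 0x002B   # extension id from RFC 8446
CLIENT_HELLO, SERVER_HELLO = 1, 2


def _extensions(body, offset):
    """Parse the optional extension block that starts at `offset` of a Hello body."""
    exts = {}
    if offset >= len(body):            # pre-1.2 clients often send no extensions at all
        return exts
    (total,) = struct.unpack_from("!H", body, offset)
    offset, end = offset + 2, offset + 2 + total
    while offset + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, offset)
        exts[ext_type] = body[offset + 4:offset + 4 + ext_len]
        offset += 4 + ext_len
    return exts


def parse_hello(record):
    """Return the legacy and effective TLS version of a ClientHello or ServerHello
    carried in one handshake record.  For a ClientHello the effective version is
    the highest one offered; for a ServerHello it is the one the server picked."""
    content_type, rec_version, rec_len = struct.unpack_from("!BHH", record, 0)
    if content_type != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + rec_len]
    hs_type, body = hs[0], hs[4:4 + int.from_bytes(hs[1:4], "big")]
    (legacy,) = struct.unpack_from("!H", body, 0)
    offset = 2 + 32                    # legacy_version + random
    offset += 1 + body[offset]         # session_id
    if hs_type == CLIENT_HELLO:
        offset += 2 + struct.unpack_from("!H", body, offset)[0]   # cipher_suites
        offset += 1 + body[offset]                                # compression_methods
    elif hs_type == SERVER_HELLO:
        offset += 2 + 1                                           # cipher_suite + compression
    else:
        raise ValueError("unexpected handshake type %d" % hs_type)
    effective, sv = legacy, _extensions(body, offset).get(SUPPORTED_VERSIONS_EXT)
    if sv and hs_type == CLIENT_HELLO:   # 1-byte length, then a list of 2-byte versions
        offered = [struct.unpack_from("!H", sv, 1 + 2 * i)[0] for i in range(sv[0] // 2)]
        effective = max(offered) if offered else legacy
    elif sv:                             # a ServerHello carries the single selected version
        (effective,) = struct.unpack_from("!H", sv, 0)
    return {"handshake": "ClientHello" if hs_type == CLIENT_HELLO else "ServerHello",
            "record_version": VERSION_NAMES.get(rec_version, hex(rec_version)),
            "legacy_version": VERSION_NAMES.get(legacy, hex(legacy)),
            "version": VERSION_NAMES.get(effective, hex(effective)),
            "meets_tls12_minimum": effective >= 0x0303}


# --- constructed sample records (not real captures) ------------------------
def _record(hs_type, body, record_version):
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 0x16, record_version, len(hs)) + hs


def _sv_extension(data):
    ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, len(data)) + data
    return struct.pack("!H", len(ext)) + ext


def client_hello(legacy, supported=()):
    """Minimal ClientHello: one cipher suite, null compression, optional supported_versions.
    The record header always says 0x0301, as real clients do for compatibility."""
    body = struct.pack("!H", legacy) + b"\x11" * 32 + b"\x00"        # version, random, empty session id
    body += struct.pack("!HH", 2, 0x002F) + b"\x01\x00"                # TLS_RSA_WITH_AES_128_CBC_SHA; null
    if supported:
        body += _sv_extension(bytes([2 * len(supported)]) + b"".join(struct.pack("!H", v) for v in supported))
    return _record(CLIENT_HELLO, body, 0x0301)


def server_hello(legacy, selected=None):
    """Minimal ServerHello; `selected` adds the TLS 1.3 style supported_versions extension."""
    body = struct.pack("!H", legacy) + b"\x22" * 32 + b"\x00" + struct.pack("!HB", 0x002F, 0)
    if selected is not None:
        body += _sv_extension(struct.pack("!H", selected))
    return _record(SERVER_HELLO, body, legacy)


def smtp_tls_context():
    """Client-side fix: refuse anything below TLS 1.2 when upgrading with STARTTLS,
    e.g. smtplib.SMTP("email-smtp.example", 587).starttls(context=smtp_tls_context())
    (host and port are placeholders)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, rec in [("old client", client_hello(0x0301)),
                      ("fixed client", client_hello(0x0303, (0x0304, 0x0303))),
                      ("server reply", server_hello(0x0303))]:
        print(name, parse_hello(rec))
```

When reading a real capture, feed parse_hello() the first handshake record that follows the server's "220" reply to STARTTLS; the "version" field of the ServerHello is the one that has to be TLSv1.2 or higher, and the ClientHello tells you whether the application is even offering it.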
Same question here. I followed the sample query but observed no SES mail-sending calls.
You can use CloudTrail to identify these outdated TLS calls. Follow the steps and use the sample TLS query in the following blog post, Using AWS CloudTrail Lake to identify older TLS connections. There is also a built-in sample CloudTrail TLS query available in the AWS CloudTrail Lake console.
If this post was helpful please remember to mark the answer as accepted, I hope this helps and good luck.
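The CloudTrail Lake query in the linked blog post filters on the tlsDetails.tlsVersion field that CloudTrail records on each API call. The following is an added example, not the blog's query or anything from the answer above: the same filtering applied offline in Python to a constructed CloudTrail log, so the shape of the field and the grouping a practitioner would want (service, principal, source IP, TLS version) can be seen without an event data store. The records, ARNs and IP addresses are invented for illustration. Note that, as the thread points out, SES's SendEmail/SendRawEmail calls never appear in CloudTrail, so a scan like this only covers management calls.

```python
"""Filter CloudTrail records for API calls made over TLS versions below 1.2,
using the tlsDetails.tlsVersion field CloudTrail adds to each record.
Added example, not the query from the linked blog post; the records are
constructed for illustration, not real account data."""
import json
from collections import Counter

OUTDATED_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed records.  Only management events appear here: SES's SendEmail /
# SendRawEmail data-plane calls are not delivered to CloudTrail at all.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:01Z", "eventSource": "ses.amazonaws.com",
     "eventName": "GetSendQuota", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/mailer"},
     "tlsDetails": {"tlsVersion": "TLSv1", "cipherSuite": "ECDHE-RSA-AES128-SHA",
                    "clientProvidedHostHeader": "email.us-east-1.amazonaws.com"}},
    {"eventTime": "2024-01-10T09:13:44Z", "eventSource": "ses.amazonaws.com",
     "eventName": "GetSendQuota", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/mailer"},
     "tlsDetails": {"tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
                    "clientProvidedHostHeader": "email.us-east-1.amazonaws.com"}},
    {"eventTime": "2024-01-10T09:15:09Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/backup"},
     "tlsDetails": {"tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256",
                    "clientProvidedHostHeader": "s3.amazonaws.com"}},
    {"eventTime": "2024-01-10T09:16:30Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "AWS Internal",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/backup"}},   # no tlsDetails
]})


def outdated_tls_calls(log_json):
    """Split the records into those made over a TLS version below 1.2 and those
    carrying no tlsDetails at all (which a version filter would silently skip)."""
    flagged, unknown = [], []
    for rec in json.loads(log_json)["Records"]:
        version = rec.get("tlsDetails", {}).get("tlsVersion")
        if version is None:
            unknown.append(rec)
        elif version in OUTDATED_TLS:
            flagged.append(rec)
    return flagged, unknown


def summarize(flagged):
    """Count findings per (service, caller, source IP, TLS version) so each
    offending client can be traced back to a principal and a host."""
    counts = Counter()
    for rec in flagged:
        key = (rec["eventSource"], rec["userIdentity"]["arn"],
               rec["sourceIPAddress"], rec["tlsDetails"]["tlsVersion"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    flagged, unknown = outdated_tls_calls(SAMPLE_LOG)
    for key, n in summarize(flagged).items():
        print(n, *key)
    print(len(unknown), "record(s) without tlsDetails")
```

The "unknown" bucket matters when reviewing results: a record with no tlsDetails is not evidence of a modern client, only of a call the field was not recorded for, so it should be reported rather than dropped.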
Ya, I've tried that. I can see Management Events, but I'm guessing that SES's SendRawEmail call is NOT a "Management Event" but rather a "Data Event"? However, I cannot see how to add those Data Events to the CloudTrail Lake data store.
I run my code that sends emails using SendRawEmail, so I should (in theory) be able to see those logs (whatever version of TLS they use, obviously changing the query as needed), but I see none of them. I only see "Management Events" (i.e. stuff coming from the AWS Console, etc.).
How do I see logs of SendRawEmail calls (regardless of TLS version)?