Security group rule for Amazon SES SMTP endpoints

0

I want to define an outbound rule for a security group, which allows only communication with Amazon SES SMTP endpoints:

$ dig email-smtp.eu-north-1.amazonaws.com +short
13.50.146.108
16.170.178.243
13.50.118.236

Will those IPs change from time to time? If they change, what is a meaningful IP range to set up?

2 Answers
0

According to the documentation, if you are using the shared SES endpoints then they can change at any time:

https://docs.aws.amazon.com/ses/latest/dg/dedicated-ip.html#:~:text=Shared%20IP%20addresses%E2%80%94you%20don%27t%20know%20the%20IP%20addresses%20that%20SES%20uses%20to%20send%20your%20mail%2C%20and%20they%20can%20change%20at%20any%20time.

It looks like there are other (more pricey) options to get more dedicated IP addresses, depending on how important it is to you. You might also be able to use a VPC Endpoint for SES calls and not have to allow outbound traffic:

https://docs.aws.amazon.com/ses/latest/dg/send-email-set-up-vpc-endpoints.html

answered a year ago
0

This post is the exact answer for your question:

https://aws.amazon.com/blogs/messaging-and-targeting/amazon-ses-ip-addresses/

You can allow IP blocks instead of single IPs, but they also may change.

So you have two options:

You can check the IP ranges from time to time, or you can create a script block to execute the commands in the article and whitelist those IPs.

EXPERT
answered a year ago
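
A sketch of the "script" option mentioned in the answer above, as an added example that is not part of either answer or of the linked AWS article: it takes `dig +short` output for the SMTP endpoint and the CIDRs the security group currently allows, and reports which egress rules to add and which look stale. The function names and the sample rule list are constructed for illustration, and applying the plan to the security group is left out.

```python
import ipaddress

# Constructed sample: the `dig +short` output quoted in the question.
DIG_OUTPUT = "13.50.146.108\n16.170.178.243\n13.50.118.236\n"

# Constructed sample: IPv4 CIDRs currently allowed by the group's egress rules.
CURRENT_EGRESS = ["13.50.146.108/32", "13.50.118.236/32", "13.48.10.20/32"]


def parse_dig_short(text):
    """Return the IPv4 addresses in `dig +short` output as a set of /32 networks."""
    nets = set()
    for line in text.splitlines():
        try:
            addr = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # blank lines and CNAME targets are not addresses
        if addr.version == 4:
            nets.add(ipaddress.ip_network(f"{addr}/32"))
    return nets


def plan_egress_update(resolved, current_cidrs):
    """Return (to_authorize, to_revoke) as sorted lists of CIDR strings.

    A resolved address already covered by a wider allowed block needs no new
    rule. An allowed block is a revoke candidate when no resolved address
    falls inside it.
    """
    if not resolved:
        # A failed or empty lookup must never be read as "revoke everything".
        raise ValueError("no addresses resolved; refusing to build a plan")
    current = {ipaddress.ip_network(c, strict=False) for c in current_cidrs}
    add = sorted(n for n in resolved if not any(n.subnet_of(c) for c in current))
    stale = sorted(c for c in current if not any(n.subnet_of(c) for n in resolved))
    return [str(n) for n in add], [str(c) for c in stale]


if __name__ == "__main__":
    to_authorize, to_revoke = plan_egress_update(
        parse_dig_short(DIG_OUTPUT), CURRENT_EGRESS
    )
    print("authorize:", to_authorize)
    # One lookup may not list every address behind the name, so treat revoke
    # candidates as stale only after they stay absent across several runs.
    print("revoke candidates:", to_revoke)
```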
