New – HAQM Simple Email Service (SES) for VPC Endpoints

Although chat and messaging applications have been popular, the email has retained its place as a ubiquitous channel with the highest Return on Investment (ROI) because of its low barrier to entry, affordability and ability to target specific recipients. To ensure that organization’s marketing and transactional messages are received by the end customer in a timely manner and to drive deeper engagement with them, you need to partner with a mature and trusted email service provider that has built specialized expertise in delivering email at scale.

HAQM Simple Email Services(SES) has been the trustworthy, flexible and affordable email service provider for developers and digital marketers since 2011. HAQM SES is a reliable, cost-effective service for businesses of all sizes that use email to keep in contact with their customers. Many businesses operate in industries that are highly secure and have strict security policies. So we have enhanced security and compliance features in HAQM SES, such as enabling you to configure DKIM using your own RSA key pair, and support HIPAA Eligibility and FIPS 140-2 Compliant Endpoints as well as regional expansions.

Today, I am pleased to announce that customers can now connect directly from Virtual Private Cloud (VPC) to HAQM SES through a VPC Endpoint, powered by AWS PrivateLink, in a secure and scalable manner. You can now access HAQM SES through your VPC without requiring an Internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. When you use an interface VPC Endpoint, communication between your VPC and HAQM SES SMTP endpoint stays within the HAQM network, adding increased security.

With this launch, the traffic to HAQM SES does not transit over the Internet and never leaves the HAQM network to securely connect their VPC to HAQM SES without imposing availability risks or bandwidth constraints on their network traffic. You can centralize HAQM SES across your multi-account infrastructure and provide it as a service to your accounts without the need to utilizing an Internet gateway.

HAQM SES for VPC Endpoints – Getting Started
If you want to test sending emails from your EC2 instance in default VPC, you can set up VPC Endpoints with SES step by step. Create a Security Group with following inbound rules and set the private IP of your instance in the EC2 console.

To create the VPC Endpoint for HAQM SES, use the Creating an Interface Endpoint procedure in the VPC console and select com.amazonaws.region.email-smtp service name, and attach security group that you just create it.

After your endpoint will be available, you can ssh to your EC2 instance and use openssl command to test connection or send email through just created endpoint. You can interact with the same way of SMTP interface from your operating system’s command line.

$ openssl s_client -crlf -quiet -starttls smtp -connect email-smtp.ap-southeast-2.amazonaws.com:587
...
depth=2 C = US, O = HAQM, CN = HAQM Root CA 1
verify return:1
depth=1 C = US, O = HAQM, OU = Server CA 1B, CN = HAQM
verify return:1
depth=0 CN = email-smtp.ap-southeast-2.amazonaws.com
verify return:1
...
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-d-ZIFLXXX 
HELO email-smtp.amazonaws.com
...
250 Ok

Note that VPC Endpoints currently do not support cross-region requests—ensure that you create your endpoint in the same region in which you plan to issue your API calls to HAQM SES.

Now Available!
HAQM SES for VPC Endpoints is generally available and you can use it in all regions where HAQM SES is available. There is no additional charge to use this feature. Interface VPC endpoint charges apply. Take a look at the product page and the documentation to learn more. Please send feedback to AWS forum for HAQM SES or through your usual AWS support contacts.

— Channy;