I am trying to send email from a Java application running in a container on Fargate. The container runs in a VPC behind API Gateway, and connections to external services are made through VPC endpoints.
All of this infrastructure is deployed with Terraform. The Java application works fine locally but not when deployed to AWS, so I assume a configuration is missing.
The Java application follows the AWS guide here:
https://docs.aws.amazon.com/ses/latest/dg/send-email-raw.html
Here are some snippets of the Terraform code:
# SECURITY GROUPS
# Both groups allow every protocol from 0.0.0.0/0 and ::/0 on ingress. That was left open
# deliberately while debugging, to rule the security group out as the cause; it is not a
# production setting. The endpoint group only needs the SES ports (443 for the API,
# 25/465/587 for SMTP) from the containers' security group.
resource "aws_security_group" "security_group_containers" {
  name   = "security_group_containers_${var.project_name}_${var.environment}"
  vpc_id = var.vpc_id

  ingress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
    self             = true
  }

  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "security_group_containers_${var.project_name}_${var.environment}"
  }
}

# The endpoint's security group must live in the same VPC as the endpoint itself:
# var.vpc_id here must be the id of aws_vpc.main below.
resource "aws_security_group" "security_group_ses" {
  name   = "security_group_ses_${var.project_name}_${var.environment}"
  vpc_id = var.vpc_id

  ingress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "security_group_ses_${var.project_name}_${var.environment}"
  }
}

# VPC
# DNS support and hostnames must both be on for private DNS on an interface endpoint to work.
resource "aws_vpc" "main" {
  cidr_block           = var.cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "private_subnet" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.private_subnets[0]
  availability_zone = "us-east-1b"

  tags = {
    Name = "private_subnet_${var.project_name}_${var.environment}"
  }
}

# VPC ENDPOINT
# This is the SES SMTP endpoint (email-smtp.<region>.amazonaws.com, ports 25/465/587).
# The AWS SDK calls the SES API at email.<region>.amazonaws.com:443, which this
# endpoint does not serve.
resource "aws_vpc_endpoint" "ses_endpoint" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.${var.aws_region}.email-smtp"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.private_subnet.id]
  # The original referenced the security group resource without .id, which Terraform rejects.
  security_group_ids  = [aws_security_group.security_group_ses.id]
  private_dns_enabled = true

  tags = {
    "Name" = "vpc_endpoint_ses_${var.project_name}_${var.environment}"
  }
}
If any important service is missing, let me know so I can add it.
As you can see, I have left all traffic open, so the solution found here does not apply to me. When the application tries to send an email, I get the following error:
software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP request: Connect to email.us-east-1.amazonaws.com:443 [email.us-east-1.amazonaws.com/52.0.170.238, email.us-east-1.amazonaws.com/54.234.96.52, email.us-east-1.amazonaws.com/34.239.37.81, email.us-east-1.amazonaws.com/18.208.125.60, email.us-east-1.amazonaws.com/52.204.223.71, email.us-east-1.amazonaws.com/18.235.72.5, email.us-east-1.amazonaws.com/18.234.10.182, email.us-east-1.amazonaws.com/44.194.249.132] failed: connect timed out
I think I am missing some configuration to make the Java awssdk use the VPC endpoint.
Edit 01 - added execution policies:
arn:aws:iam::aws:policy/AmazonSESFullAccess
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ses:*"
      ],
      "Resource": "*"
    }
  ]
}
arn:aws:iam::aws:policy/AmazonECS_FullAccess (too large to paste)
arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}
Edit 02 - switched to an SMTP library:
The code used can be found here
With SMTP everything works.
Reply from a uj5u.com user:
You have created a VPC endpoint for the SES SMTP API, but the error message you are getting, email.us-east-1.amazonaws.com:443, is for the AWS SES service API. You can see the two sets of APIs here. If you use the AWS SDK in your Java application to interact with SES, you need to change the VPC endpoint to service_name = "com.amazonaws.${var.aws_region}.email"
If you configure your Java application to use SMTP (for example with the JavaMail API), your current endpoint configuration will work.
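One way to confirm the answer's diagnosis from the error text alone, as an added example that is not part of the question or the reply: an interface endpoint with private DNS makes the service hostname resolve to endpoint network interfaces inside the VPC CIDR, so public addresses in the SDK's connect error (52.0.170.238 and the rest in the question) show that no endpoint is answering for that hostname and the private subnet is trying to reach the public internet, which times out. The script below parses the SdkClientException message, checks the resolved addresses against the VPC CIDR, and derives the PrivateLink service name the hostname needs. The VPC CIDR, the list of deployed endpoints, the private addresses in the second scenario and the hostname-to-service mapping (the "email" entry is taken from the reply above, not verified independently) are assumptions constructed for the example.

```python
import ipaddress
import re

# Constructed sample input: the SdkClientException from the question, trimmed to two of
# the resolved addresses. The public IPs are the tell: the hostname was resolved by public
# DNS, not by the private-DNS record an interface endpoint would install in the VPC.
SAMPLE_ERROR = (
    "software.amazon.awssdk.core.exception.SdkClientException: Unable to execute HTTP "
    "request: Connect to email.us-east-1.amazonaws.com:443 "
    "[email.us-east-1.amazonaws.com/52.0.170.238, "
    "email.us-east-1.amazonaws.com/54.234.96.52] failed: connect timed out"
)

# Hostname label -> PrivateLink service suffix. "email-smtp" is the endpoint the question's
# Terraform creates; "email" is the one the reply says the SDK needs (assumption: taken
# from the reply, not checked against AWS documentation here).
SERVICE_SUFFIX_FOR_LABEL = {
    "email-smtp": "email-smtp",  # SMTP interface, ports 25/465/587
    "email": "email",            # SES API over HTTPS, port 443
}

CONNECT_RE = re.compile(r"Connect to ([a-z0-9.-]+):(\d+) \[(.*?)\] failed")


def parse_sdk_error(message):
    """Return (host, port, [ip_address, ...]) from an SDK connect-timeout message."""
    m = CONNECT_RE.search(message)
    if not m:
        raise ValueError("not an AWS SDK connect error")
    host, port, addr_list = m.group(1), int(m.group(2)), m.group(3)
    # Each entry looks like "host/1.2.3.4"; keep only the address part.
    ips = [ipaddress.ip_address(e.rsplit("/", 1)[-1]) for e in addr_list.split(", ")]
    return host, port, ips


def required_endpoint_service(host):
    """Map a regional SES hostname to the PrivateLink service name that serves it."""
    labels = host.split(".")
    label, region = labels[0], labels[1]
    if label not in SERVICE_SUFFIX_FOR_LABEL:
        raise ValueError(f"unknown SES hostname label: {label}")
    return f"com.amazonaws.{region}.{SERVICE_SUFFIX_FOR_LABEL[label]}"


def diagnose(message, vpc_cidr, deployed_services):
    """Explain why an SDK call from a private subnet timed out.

    vpc_cidr: the VPC CIDR (var.cidr in the question's Terraform).
    deployed_services: service_name values of the interface endpoints that exist.
    """
    host, port, ips = parse_sdk_error(message)
    vpc = ipaddress.ip_network(vpc_cidr)
    private = [str(ip) for ip in ips if ip in vpc]
    public = [str(ip) for ip in ips if ip not in vpc]
    needed = required_endpoint_service(host)
    deployed = needed in deployed_services
    if private and not public:
        verdict = ("hostname resolves inside the VPC; check that the endpoint security "
                   "group allows the port from the containers")
    elif deployed:
        verdict = ("endpoint exists but private DNS is not in effect; check "
                   "private_dns_enabled and the VPC DNS settings")
    else:
        verdict = (f"no interface endpoint for {needed}; traffic is trying to reach "
                   "public IPs from a private subnet")
    return {
        "host": host,
        "port": port,
        "resolves_privately": bool(private) and not public,
        "public_ips": public,
        "required_service": needed,
        "endpoint_deployed": deployed,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Assumed VPC CIDR and the single email-smtp endpoint from the question's Terraform.
    report = diagnose(SAMPLE_ERROR, "10.0.0.0/16", ["com.amazonaws.us-east-1.email-smtp"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against the real message from the task's logs and the VPC's actual CIDR; once the correct endpoint is in place the addresses in any remaining error should fall inside the VPC, at which point the security group rules, not DNS, are the thing to look at.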
Please credit the source when reposting. Link to this article: https://www.uj5u.com/caozuo/464906.html
