fix: set the correct port for the SES SMTP servie endpoint

[johnf]

Issue # (if applicable)

I didn't create an issue went stright to PR

Reason for this change

const sesEndpoint = new ec2.InterfaceVpcEndpoint(this, 'SESEndpoint', {
  service: ec2.InterfaceVpcEndpointAwsService.EMAIL_SMTP,
  vpc,
  subnets: {
    subnets,
  },
});

The endpoint helper automatically creates a security group with port 443.
The EMAIL_SMPT helper should set this to 587

Description of changes

I've updated the definition to pass in the correct port overriding the default.

I've worked around this in my own code by not using the predefined helper

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Tested by hand

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[aws-cdk-automation]

(This review is outdated)

[aws-cdk-automation]

This PR has been in the CHANGES REQUESTED state for 3 weeks, and looks abandoned. Note that PRs with failing linting check or builds are not reviewed, please ensure your build is passing

To prevent automatic closure:

• Resume work on the PR
• OR request an exemption by adding a comment containing 'Exemption Request' with justification e.x "Exemption Request: "
• OR request clarification by adding a comment containing 'Clarification Request' with a question e.x "Clarification Request: "

This PR will automatically close in 14 days if no action is taken.

[johnf]

I restricted the VPC integ test to us-west-2 as the SES endpoint is not available in all subnets of us-east-1.
Happy to take a different approach with some guidance.

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 852e448
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[alvazjor]

Hi @johnf
The change looks good to me, I'll approve it but you will also need to rebase and solve the conflicts on this one

[alvazjor]

@johnf
This PR is just waiting rebase, but since there are conflicts, it needs to be done on your side. Will you have time to take a look and fix the conflicts?

[johnf]

@alvazjor I'll give it another try over the weekend. I was having issues running the tests.
It tends to run too many in parallel, blowing out my 32GB of RAM!

Also at least when I run them there are lots of broken tests (at least there were a few weeks back)

[johnf]

I'm recreating the integration snapshots now. Please note

Failed: /home/johnf/dev/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.vpc-endpoint.lit.js
!!! This test contains destructive changes !!!
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcEcrDockerEndpoint0385050C - Impact: WILL_REPLACE
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcDynamoDbInterfaceEndpointA97B3149 - Impact: WILL_REPLACE
    Stack: aws-cdk-ec2-vpc-endpoint - Resource: MyVpcCloudwatchLogsEndpointB1C11ADC - Impact: WILL_REPLACE
!!! If these destructive changes are necessary, please indicate this on the PR !!!

This is due to the region change mentioned above

Pull request has been modified.

[johnf]

@alvazjor I can't manage to get the integration tests to run I keep getting

  FAILED     aws-ec2/test/integ.vpc-endpoint.lit-integ.vpc-endpoint.lit (undefined/us-east-1) 213.262s
      Integration test failed: ToolkitError: ❌  aws-cdk-ec2-vpc-endpoint failed: ToolkitError: The stack named aws-cdk-ec2-vpc-endpoint failed creation, it may need to be manually deleted from the AWS console: ROLLBACK_COMPLETE: Resource handler returned message: "The Vpc Endpoint Service 'com.amazonaws.vpce.us-east-1.vpce-svc-123456' does not exist (Service: Ec2, Status Code: 400, Request ID: 045fd614-df4a-4f76-8c4f-a2db5622f297) (SDK Attempt Count: 1)" (RequestToken: a6327d9b-b644-b3ed-dc70-86384097198b, HandlerErrorCode: InvalidRequest)

[aws-cdk-automation]

(This review is outdated)

[alvazjor]

@johnf I will try to reproduce the change in my end and deploy the tests to see if I also get the same issue

[Abogical]

Hi @johnf ! Sorry for the late reply, can you run the integ test with the --dry-run option instead? This will update the snapshots without deploying to an AWS account. You can then push the updated snapshots to this PR and we'll try to deploy it ourselves.

[johnf]

Hi @johnf ! Sorry for the late reply, can you run the integ test with the --dry-run option instead? This will update the snapshots without deploying to an AWS account. You can then push the updated snapshots to this PR and we'll try to deploy it ourselves.

Done

✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.

[Abogical]

Following snapshot needs to be updated:

@aws-cdk-testing/framework-integ:   CHANGED    aws-ec2/test/integ.vpc-endpoint.lit 4.354s
@aws-cdk-testing/framework-integ:       Security Group Changes
@aws-cdk-testing/framework-integ:       ┌───┬──────────────────────────────────────────────────────────┬─────┬────────────┬────────────────────────────┐
@aws-cdk-testing/framework-integ:       │   │ Group                                                    │ Dir │ Protocol   │ Peer                       │
@aws-cdk-testing/framework-integ:       ├───┼──────────────────────────────────────────────────────────┼─────┼────────────┼────────────────────────────┤
@aws-cdk-testing/framework-integ:       │ + │ ${MyVpcCrossRegionEndpointSecurityGroup371BDCEC.GroupId} │ In  │ TCP 443    │ ${MyVpcF9F0CA6F.CidrBlock} │
@aws-cdk-testing/framework-integ:       │ + │ ${MyVpcCrossRegionEndpointSecurityGroup371BDCEC.GroupId} │ Out │ Everything │ Everyone (IPv4)            │
@aws-cdk-testing/framework-integ:       └───┴──────────────────────────────────────────────────────────┴─────┴────────────┴────────────────────────────┘
@aws-cdk-testing/framework-integ:       (NOTE: There may be security-related changes not in this list. See https://github.com/aws/aws-cdk/issues/1299)
@aws-cdk-testing/framework-integ:       
@aws-cdk-testing/framework-integ:       Resources
@aws-cdk-testing/framework-integ:       [+] AWS::EC2::SecurityGroup MyVpcCrossRegionEndpointSecurityGroup371BDCEC
@aws-cdk-testing/framework-integ:       [+] AWS::EC2::VPCEndpoint MyVpcCrossRegionEndpoint9A9ABB87