Skip to content

feat: add ses relay #172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
smohiudd merged 22 commits into from
Jan 9, 2026
Merged

feat: add ses relay #172

smohiudd merged 22 commits into from
Jan 9, 2026

Conversation

@smohiudd
Copy link
Contributor

@smohiudd smohiudd commented Jan 6, 2026
edited
Loading

Description

SMCE does not allow creating SMTP credentials for security reasons so we need an SES relay.
Add Fargate service with NLB for SES relay (https://github.com/loopingz/smtp-relay/)

@github-actions
Copy link

github-actions bot commented Jan 6, 2026
edited
Loading

Diff for stage: DefaultStage

Warning

1 Destructive Changes

No Changes for stack: veda-keycloak-dev ✅

Diff for stack: veda-ses-relay-dev - 0 to add, 1 to update, 0 to destroy

Details

[!WARNING]
Destructive Changes ‼️
Stack: veda-ses-relay-dev - Resource: FargateServiceTaskDef940E3A80 - Impact: WILL_REPLACE

Resources
[~] AWS::ECS::TaskDefinition FargateServiceTaskDef940E3A80 replace
 └─ [~] ContainerDefinitions (requires replacement)
     └─ @@ -2,7 +2,7 @@
        [ ] {
        [ ]   "Essential": true,
        [ ]   "Image": {
        [-]     "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:c787de7da6b3c3ff211ffbf82a777354ce81afe738e0999e50ef22197e29d268"
        [+]     "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:0e337c22a95ac353500e03a9a71f167eaf17e4ded349977937c57d653dbfb596"
        [ ]   },
        [ ]   "LogConfiguration": {
        [ ]     "LogDriver": "awslogs",

Generated for commit 9ed071d at 2026-01-06T21:18:29.851Z

@smohiudd smohiudd changed the title add ses relay feat: add ses relay Jan 8, 2026
@smohiudd smohiudd requested a review from alukach January 8, 2026 22:36
alukach
alukach approved these changes Jan 9, 2026
View reviewed changes
Copy link
Member

@alukach alukach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The relay authenticates to AWS using IAM (task role) and delivers messages to SES using the SES API (for example, ses:SendEmail, ses:SendRawEmail), avoiding the need for SES SMTP credentials.

Wow, very interesting/clever technique! Looks good!

@smohiudd smohiudd merged commit ab30b26 into main Jan 9, 2026
1 check passed
@smohiudd smohiudd deleted the feature/ses-relay branch January 9, 2026 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alukach alukach alukach approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@smohiudd @alukach