aws-ec2: duplicate InterfaceVpcEndpointAwsService for SES, EMAIL_SMTP #27662
Description
Describe the bug
The definition of InterfaceVpcEndpointAwsService contains definitions for SES and EMAIL_SMTP, but these both create services with the name email-smtp[.suffix].
It is not clear what, if any, functional difference there is between these two.
Expected Behavior
Either of the following:
- There only to be one service present for email-smtp
- The difference, if there is one, to be explained
Current Behavior
Both are available, which means if in confusion or hedging your bets you try to use both, you cannot because CloudFormation will return:
Resource handler returned message: "private-dns-enabled cannot be set because there is already a conflicting DNS domain for email-smtp.[region].amazonaws.com in the VPC [VPC name]
Reproduction Steps
```ts
import * as cdk from "aws-cdk-lib";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import { Construct } from "constructs";

export class DemoStack extends cdk.Stack {
  constructor(
    scope: Construct,
    id: string,
    props: cdk.StackProps
  ) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, "vpc", {
      ipAddresses: ec2.IpAddresses.cidr("10.1.0.0/16"),
      availabilityZones: ["eu-west-1a", "eu-west-1b", "eu-west-1c"],
      enableDnsHostnames: true,
      enableDnsSupport: true,
      subnetConfiguration: [
        {
          cidrMask: 26,
          name: "Endpoints",
          subnetType: ec2.SubnetType.PRIVATE_ISOLATED,
        },
      ],
    });

    new ec2.InterfaceVpcEndpoint(this, "sesEndpoint", {
      vpc: vpc,
      service: ec2.InterfaceVpcEndpointAwsService.SES,
      subnets: { subnetGroupName: "Endpoints" },
      privateDnsEnabled: true,
    });

    new ec2.InterfaceVpcEndpoint(this, "smtpEndpoint", {
      vpc: vpc,
      service: ec2.InterfaceVpcEndpointAwsService.EMAIL_SMTP,
      subnets: { subnetGroupName: "Endpoints" },
      privateDnsEnabled: true,
    });
  }
}
```
Possible Solution
Document the reason for the presence of both, or, deprecate one of them.
Additional Information/Context
As a user of SES, I would like to be clear if the interface endpoints provided give access to the SMTP host, the SES REST API, or both. It appears to be the former, but one might expect the SES interface endpoint to provide access to the API and the EMAIL_SMTP interface endpoint to provide access to the SMTP host (e.g. email-smtp.eu-west-1.amazonaws.com).
CDK CLI Version
2.83.1 (build 006b542)
Framework Version
No response
Node.js Version
18.17.1
OS
Linux
Language
TypeScript
Language Version
No response
Other information
Previous commits to add the existing options are here and here.
Both commits were released in version 2.47.0. It feels likely that the release should have contained only one entry. I suspect EMAIL_SMTP makes the most sense because it explicitly refers to the SMTP host, I think.
@watany-dev and @clueleaf might have additional context here.
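A pre-deploy check for the conflict reported above, as an added example that is not part of the original issue or of the CDK code base: it scans a synthesized CloudFormation template for interface endpoints in the same VPC that enable private DNS for the same service name. The function names, the logical IDs and the sample template (including the `com.amazonaws.eu-west-1.email-smtp` service name string) are constructed for illustration.

```typescript
// Added example; the template below is constructed, not synthesized output from the issue.
interface Resource { Type: string; Properties?: Record<string, unknown>; }
interface Template { Resources: Record<string, Resource>; }
interface Conflict { vpc: string; serviceName: string; logicalIds: string[]; }

// Intrinsics ({ Ref: ... }, { "Fn::Join": ... }) are compared by serialized form,
// so region-agnostic service names still match each other.
function canon(v: unknown): string {
  return typeof v === "string" ? v : JSON.stringify(v);
}

// Group interface endpoints that enable private DNS by (VPC, service name);
// any group with more than one member claims the same private DNS domain.
function findPrivateDnsConflicts(template: Template): Conflict[] {
  const groups: Record<string, Conflict> = {};
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (res.Type !== "AWS::EC2::VPCEndpoint") continue;
    const p = res.Properties ?? {};
    if (p.VpcEndpointType !== "Interface" || p.PrivateDnsEnabled !== true) continue;
    const vpc = canon(p.VpcId);
    const serviceName = canon(p.ServiceName);
    const key = vpc + "|" + serviceName;
    if (!groups[key]) groups[key] = { vpc, serviceName, logicalIds: [] };
    groups[key].logicalIds.push(logicalId);
  }
  return Object.keys(groups).map((k) => groups[k]).filter((g) => g.logicalIds.length > 1);
}

// Helper for the constructed sample: one interface endpoint in the sample VPC.
function endpoint(serviceName: string, privateDns: boolean): Resource {
  return {
    Type: "AWS::EC2::VPCEndpoint",
    Properties: {
      VpcId: { Ref: "vpc" },
      ServiceName: serviceName,
      VpcEndpointType: "Interface",
      PrivateDnsEnabled: privateDns,
    },
  };
}

// Constructed sample shaped like the DemoStack above (logical IDs are made up).
const sampleTemplate: Template = {
  Resources: {
    vpc: { Type: "AWS::EC2::VPC", Properties: { CidrBlock: "10.1.0.0/16" } },
    sesEndpoint: endpoint("com.amazonaws.eu-west-1.email-smtp", true),
    smtpEndpoint: endpoint("com.amazonaws.eu-west-1.email-smtp", true),
    ssmEndpoint: endpoint("com.amazonaws.eu-west-1.ssm", true),
  },
};
```

Run against the JSON produced by `cdk synth`, a non-empty result means the deployment would hit the `private-dns-enabled cannot be set` error before any resource is created.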