When you run workloads on VMware Cloud on AWS, you gain the advantage of being able to tap into a rich pool of AWS services. Here, we look at one of these services – Amazon Simple Email Service – to show how easy it is to set up, even when rigorous security policies are in place.
As any customer who runs workloads in VMware Cloud on AWS will tell you, the ability to integrate with AWS services is one of the most appealing benefits of using the platform.
One of my customers recently shared such a story. A multinational conglomerate and one of the largest listed companies on the Singapore Exchange by market capitalisation, this company hosts its multiple strategic modern applications running as microservices in Red Hat OpenShift Kubernetes clusters on VMware Cloud on AWS. With a need to send transactional messages, they chose Amazon Simple Email Service (SES) as it is a trustworthy, flexible and cost-effective email service provider for developers.
This customer operates in a heavily regulated industry – there are strict corporate security policies in place which limit the ability of internal systems to connect to the public internet. This means they cannot use the public Amazon SES endpoints. To work within these restrictions, they can access Amazon SES from their VMware Cloud workload – by directly connecting an Elastic Network Interface (ENI) to the virtual private cloud (VPC), without having to go over a VMware Cloud internet gateway.
As the above diagram illustrates, the VMware stack not only sits next to the AWS services, but is tightly integrated with them.
Benefits of Amazon SES
As well as being flexible and cost-effective, Amazon SES comes with enhanced security and compliance features. You can configure DKIM using your own RSA key pair, and there is support for HIPAA eligibility and FIPS 140-2 compliant endpoints.
For VMware Cloud customers, it offers the best of both worlds. You can run mission-critical modern apps on VMware Cloud, with a direct connection from these workloads to Amazon SES through a VPC endpoint, powered by AWS PrivateLink, in a secure and scalable manner.
How to set up Amazon SES with VMware Cloud
In just a few steps, you can enable communication between the VMware stack and AWS native service using Amazon SES.
Step 1 – Create a security group
- Set the private IP of your instance in the EC2 console
- Use 192.168.1.0/24 as the VMC segment
Step 2 – Create the VPC endpoint for Amazon SES
- Use the Creating an Interface Endpoint procedure in the VPC console
- Select the service name com.amazonaws.region.email-smtp
- Attach the security group that you just created
- Choose the Subnet ID of the VPC Subnet shown in VMC Console (find the VPC Subnet info from VMC Console > Networking & Security > Connected VPC)
Step 3 – Click on the VPC Endpoint ID link
Step 4 – Click on Subnets to find the ENI IP Address
Step 5 – Open Compute Gateway Firewall
- Best practice: specify ‘Sources’ as specific segments or IP addresses
- Best practice: specify ‘Services’ only to SMTP (TCP25) and SMTPS (TCP465)
Step 6 – After your endpoint is available, test your connection or send an email through the endpoint from VMware Cloud workload VMs.
Note that VPC endpoints currently do not support cross-region requests. With this in mind, make sure you create your endpoint in the same region in which you plan to issue your API calls to Amazon SES.
Amazon SES for VPC endpoints is generally available and you can use it in all regions where Amazon SES is available. There is no additional charge to use this feature. Interface VPC endpoint charges apply.
For other information related to VMware Cloud on AWS, here are some more learning resources for you:
- You can learn more about our VMware Cloud on AWS service at the VMware Cloud on AWS website or by viewing VMware Cloud on AWS: Overview
- Follow us on Twitter @vmwarecloudaws and give us a shout with #VMWonAWS
- Watch informative demos, overview videos, webinars and hear from our customers: VMware Cloud on AWS on YouTube
- Try the VMware Cloud on AWS Lightning Lab for a first-hand immersive experience
- Read our latest VMware Cloud on AWS blogs
- Obtain the VMware Cloud on AWS Solution Brief and VMware Cloud on AWS TCO 1-pager
- Follow the VMware Cloud on AWS release notes on continuing updates
- Read Technical Guides on Operations, Applications, and Performance
- Explore Feature Walkthroughs of Deployment, Configuration, Networking, and more