SNS Topic Pending Confirmation

anne101

I am setting up my MailWizz server for the first time (Yay!) and for the most part it's gone quite smoothly thanks to the various docs and these forums. However, I was looking through things to be sure it had all hooked up correctly and my SNS topic was still pending confirmation. I figured that was because it had made itself using the public IP. I updated it and thought for sure that would be all that's needed... nope, still pending confirmation.

I went through the steps here

I am running MailWizz on an EC2 instance, using RDS for my DB, and have an ELB in front to handle SSL cert stuff. There's an added complication layer though, where we route access to the ELB endpoint through our remote proxy; this allows us to lock it down to only people within our Google org. For this reason I gave the SNS topic the internal ELB endpoint instead of the external remote proxy endpoint. Both the instance and the ELB have port 80 and port 443 open to things within AWS.

EXAMPLE:
external:
internal-elb:
internal-ec2:
 
Also, we would prefer a less "wide-open" policy for AWS permissions. Does MailWizz need access to anything other than SES or SNS? From my readings those are the only AWS things that would be used/needed.
 
If the SNS topic is pending, it means it didn't reach your application for confirmation.
Using a tool like Postman, can you do a POST request to the SNS endpoint, from your local computer for example?
 
Depends where I am: if I am outside of our AWS account, no; if I am within our AWS account, yes. This is by design as we want it locked down to external things. The SNS topic is within our AWS account so it should be fully able to POST to the MailWizz server.

EXTERNAL
Code:
anne@DESKTOP-6K420Q6:~$ curl -X POST https://mailwizz-backend.example.io/index.php/dswh/1
^C

INTERNAL
Code:
root@ra-bd0:~# curl -X POST https://mailwizz-backend.example.io/index.php/dswh/1
<!DOCTYPE html>
<html dir="ltr">
<head>
    <meta charset="utf-8">
    <meta name="csrf-token-name" content="csrf_token" />
<meta name="csrf-token-value" content="QlB-blZOS0V5bGhTVkNuTUkxaDNZY2E5SGtGWE9tSVjXnm6y6NEf6UxX09j9GcRDOkf8wVgrmDBThPSA0I0Bfg==" />
<link rel="stylesheet" type="text/css" href="/assets/css/bootstrap.min.css?av=35360118" />
 
Hmmmm, did a little more looking into SNS and AWS configurations; seems we need to get the SNS inside the VPC so it can talk to the instances privately/securely. I guess this is what I get for assuming it would have access by simply being part of the same account, hahaha. I will be diving into this today and will report back on my findings :)

 
Turns out there are a few other reasons to not put our MailWizz server behind our remote proxy, so after I re-worked all the DNS stuff I simply deleted the AWS mail server and the SNS topic, regenerated my MailWizz URLs, and re-created the mail server. The topic is now confirmed and (hopefully) working.

Also, it seems the answer is yes, the user only requires SES and SNS access. (At least, I haven't had any issues yet...)

I do think the answer would have been a VPC endpoint ultimately though :)
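
For reference, this is the request that has to reach the endpoint before a subscription leaves the pending state, with the checks a receiving endpoint can make before fetching `SubscribeURL`. It is an added example, not MailWizz code and not part of any post above; the topic ARN, token and URLs are constructed, the function name is hypothetical, headers are assumed to arrive as a lowercase-keyed dict, and signature verification is left out.

```python
import json
import re
from urllib.parse import urlparse

# Hosts of the form sns.<region>.amazonaws.com (standard AWS partition only;
# an assumption of this example).
SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")
TOPIC = "arn:aws:sns:us-east-1:123456789012:example-topic"  # constructed

# Constructed sample of the JSON body SNS POSTs to a new HTTP/S subscription.
SAMPLE = json.dumps({
    "Type": "SubscriptionConfirmation",
    "MessageId": "00000000-0000-0000-0000-000000000000",
    "Token": "constructed-token",
    "TopicArn": TOPIC,
    "Message": "You have chosen to subscribe to the topic ...",
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/"
                    f"?Action=ConfirmSubscription&TopicArn={TOPIC}"
                    "&Token=constructed-token",
    "Timestamp": "2020-01-01T00:00:00.000Z",
    "SignatureVersion": "1",
    "Signature": "constructed",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/constructed.pem",
})

def _is_sns_https(url):
    """True only for https URLs whose host is exactly an SNS regional host."""
    parts = urlparse(str(url))
    return parts.scheme == "https" and bool(SNS_HOST.fullmatch(parts.hostname or ""))

def confirmation_url(body, headers, expected_topic_arn):
    """Return the SubscribeURL to fetch, or None if this request is not a
    subscription confirmation. Raises ValueError on a suspicious message."""
    if headers.get("x-amz-sns-message-type") != "SubscriptionConfirmation":
        return None
    msg = json.loads(body)
    if msg.get("Type") != "SubscriptionConfirmation":
        raise ValueError("header and body type disagree")
    if msg.get("TopicArn") != expected_topic_arn:
        raise ValueError("unexpected topic")
    # Refuse to fetch anything that is not an SNS endpoint (avoids SSRF).
    for field in ("SubscribeURL", "SigningCertURL"):
        if not _is_sns_https(msg.get(field, "")):
            raise ValueError(f"{field} is not an SNS HTTPS URL")
    return msg["SubscribeURL"]
```

A caller confirms the subscription by issuing a GET to the returned URL; if the POST never arrives, there is nothing to confirm and the subscription stays pending.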
 