Failure after waiting for DKIM

[mnlkrs]

Hey there,

after waiting for the DKIM verification for quite some time, the Lambdas times out.
After that, CloudFormation tries calling the Lambda again, the Lambda tries settings entries it has already set and fails.

I'm not quite sure how to best approach this (changing the logic of the DKIM Verification, or updating the Lambda to respect entries created in the previous run), however if you've decided on how you'd fix this, I'm happy to open a Pull Request.

[mattvb91]

@mnlkrs any chance you got it working? currently experiencing the same issue:

INFO Waiting for DKIM verification...

and nothing happening

@mooyoul sorry about the ping but any ideas?

[mattvb91]

@mnlkrs not sure if this has fixed it but when this job was running I noticed "dkim" was disabled under my domain, when i hit enable it then went through. Not sure if this was something to do with it or something else

[mnlkrs]

@mattvb91 interesting - it was in fact disabled. I'll take a look at it if the error occurs again. I'm pretty sure this plugin is supposed to enable it though 🤔 Perhaps that's the root of this problem.

[mattvb91]

Yea I just needed the stack to go through once and on the next pipeline runs it doesnt need to do anything anymore cause its already active so this workaround is fine for now. (Although annoying when first launching a stack)

[mooyoul]

Hello. DKIM related messages should not be displayed if you’ve disabled dkim. Could you share your construct usage?

[mattvb91]

Hello. DKIM related messages should not be displayed if you’ve disabled dkim. Could you share your construct usage?

Hi @mooyoul thanks for checking in, actually I didnt disable it manually, I just wanted to launch a new stack and it didnt 'enable' it for me automatically and got stuck / timed out without enabling it.

      const zone = route53.HostedZone.fromLookup(this, 'baseZone', {
            domainName: "my-domain.com"
        })

        const identity = new DnsValidatedDomainIdentity(this, 'DomainIdentity', {
            domainName: "my-domain.com",
            dkim: true,
            hostedZone: zone, 
        });

EDIT: oh wait maybe im missunderstanding something, i was under the impression this will automatically enable dkim for me?

[mooyoul]

Setting dkim: true to DnsValidatedDomainIdentity Construct props will provision additional resources for DKIM, and will perform DKIM Verification by calling SES API. If you've enabled DKIM and stuck with "Waiting for DKIM verification..." message, It's likely that AWS SES system couldn't be able to verify DKIM records of your domain.

I need some informations to resolve this issue:

• Can you check that name server of given domain matches to hosted zone?
• Can you check that domain is queryable from Public Internet?
• What's the DKIM verification status of given SES Domain Identity from AWS SES Console? (or simply run this if you have AWS CLI: aws --region us-east-1 ses get-identity-dkim-attributes --identities DOMAIN)

[mnlkrs]

I've unsuccessfully tried to reproduce this issue on a fresh stack, maybe it has got something with re-deploying an existing stack? I'll add some more logging to this package locally and get back to you if I obverse it again.

We have 3 accounts (dev, stage & production) which we all provisioned at the same time and from there on your first two points were always the case. We were developing on dev for about 2 months and this never happened in the dev account. I only saw this both in the stage & production account after not touching them for 2 months and then deploying the first version of the application. So at some point DKIM must've been disabled. Maybe that gives you some clues.