AWS Security ChangesHomeSearch

AWS ses documentation change

Service: ses · 2026-05-22 · Documentation low

File: ses/latest/dg/global-endpoints.md

Summary

Updated Global Endpoints documentation with revised terminology, added operational best practices for traffic distribution, DNS configuration, HTTP connection management, and clarified limitations.

Security assessment

The changes add security-relevant documentation about configuring DNS TTL settings (including JVM security properties) and HTTP connection timeouts to ensure quick failover during regional impairments. While not addressing a specific vulnerability, these best practices improve resilience against potential availability issues. No evidence of a patched security vulnerability exists.

Diff

diff --git a/ses/latest/dg/global-endpoints.md b/ses/latest/dg/global-endpoints.md
index c721f2bc9..1b03f0f8e 100644
--- a//ses/latest/dg/global-endpoints.md
+++ b//ses/latest/dg/global-endpoints.md
@@ -15 +15 @@ Amazon SES Global endpoints is a feature that enhances the continuity and reliab
-Global endpoints are resources that allow you to distribute your SES outbound workloads across two AWS Regions. Once configured, SES automatically splits your sending traffic between the selected primary and secondary regions. If either region experiences an impairment, SES will automatically shift traffic away from the affected region to maintain continuity of your sending operations.
+Global endpoints are resources that allow you to distribute your SES outbound workloads across two AWS Regions. Once configured, SES automatically divides your sending traffic between the selected primary and secondary regions. If either region experiences an impairment, SES will automatically shift traffic away from the affected region to maintain continuity of your sending operations.
@@ -347 +347 @@ Following these best practices and considerations helps ensure effective utiliza
-  * Be aware that while Global endpoints provide improved availability, they do not change the physical state of regional availability for SES Outbound.
+  * Be aware that there may be fractional increases in API latency when making calls to MREP-enabled distant regions.
@@ -349 +349 @@ Following these best practices and considerations helps ensure effective utiliza
-  * Note that at launch, Global endpoints do not support SMTP or VPC endpoint access.
+  * To ensure balanced traffic distribution, adopt an active-active architecture that mirrors the regions of your Global endpoint. Alternatively, choose two regions that are approximately equally distant from your client application.
@@ -351 +351 @@ Following these best practices and considerations helps ensure effective utiliza
-  * Consider potential egress charges if using an AWS address translation gateway.
+  * Configure your client application to detect routing changes quickly. Global endpoints publish current routing weights through DNS. Set the positive DNS cache TTL to approximately 60 seconds and the negative DNS cache TTL to approximately 10 seconds in your runtime and resolver configuration. On the JVM, these are controlled by the `networkaddress.cache.ttl` and `networkaddress.cache.negative.ttl` security properties.
@@ -353 +353,5 @@ Following these best practices and considerations helps ensure effective utiliza
-  * Be aware that there may be fractional increases in API latency when making calls to MREP-enabled distant regions.
+  * Set HTTP connection lifetime limits in your client. Long-lived keep-alive connections continue to reach the originally resolved IP address even after DNS refreshes. Set a short [Connection TTL](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/client-configuration.html#client-configuration-http) of approximately 60 seconds on your HTTP client so that pooled connections are replaced regularly. Most AWS SDKs expose this setting.
+
+  * Global endpoints do not support SMTP or VPC endpoint access.
+
+  * Consider potential egress charges if routing traffic through a NAT Gateway.