For legal reasons I need to BCC someone on my Cognito verification emails when someone signs up on my website. Is there a way to configure this in Amazon SES or Cognito? I have searched through the settings on both of the services and searched Google but I haven't been able to find anything. I am wondering if maybe I should use SNS to trigger a welcome email with the compliance information after the user verifies their email, though I am still not sure if this is possible.
You will need to implement a Cognito custom email sender Lambda function. There's an example of that function using NodeJS at the above link. Having gone through this myself, I would point out that it can only be done using NodeJS or Java due to the specific AWS Encryption SDK needed to decode the email body in your Lambda function.
Inside that example Lambda function you can see the different event triggers the function has to handle. In the CustomEmailSender_SignUp trigger handler you would add your BCC when you send the email.
You would need to use the AWS SDK inside that code to send the emails using SES.
I'm trying to set up Amazon Cognito, and according to what it says in the console I need to sign up for Amazon SES in order to send the confirmation code and forgot password messages.
So I applied for Amazon SES access through their support center explaining that I will only be using Amazon SES in conjunction with Cognito. I also included all the normal information they request, such as domain name, how bounces are handled, etc.
They replied denying access with this as the explanation:
We made this decision because we believe that your use case would impact the deliverability of our service and would affect your reputation as a sender. We also want to ensure that other Amazon SES users can continue to use the service without experiencing service interruptions.
So I found this puzzling, because my understanding is that I have to sign up for SES in order to have production user registration and confirmation with Amazon Cognito.
Does anyone know if we can use Cognito without SES or if there is some other way of handling this?
You can configure Cognito to send all emails via a Lambda function. Inside that function you can perform the email sending using any email service you want.
I am using AWS Cognito to sign up users and create new accounts for my users on my web app. I authorize the user's phone number by sending a one-time password via AWS SNS. Of late there has been a message on my SNS dashboard which reads like this:
I am worried that Cognito will stop sending one-time passwords to users who sign up on my website and because of that I might lose them. I have not done any custom setup as of now for my application. From reading through communities and AWS documentation I figured I can use a toll-free number from Amazon Pinpoint instead. It fits my requirement but there is no documentation of how to plug this toll-free number into the Cognito process. I have purchased a toll-free number but don't understand how to use it for sending the phone verification OTP. Would be great if someone could help me with this. Thanks.
Looking at the AWS documentation, you can use a Pre Sign-up Lambda Trigger. The pre sign-up Lambda function is triggered just before Amazon Cognito signs up a new user. It allows you to perform custom validation to accept or deny the registration request as part of the sign-up process. Because you can use a Lambda function, you can use custom logic within the Lambda function to meet your business requirements. This includes hooking into Pinpoint to achieve what you want to do. For more details:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
Hi. Is it possible to send the Cognito user pool verification code through the SES service using a Lambda trigger and to use a custom email template?
Is there any way that I could do it?
I need to use the email template that I uploaded in SES email templates.
Can anyone provide the Lambda function?
I agree with https://stackoverflow.com/a/67497492/15909382 and think it is possible.
using SES document here
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
using Custom Message Lambda Trigger document here
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
And if you want, you might be able to implement it using Custom Email Lambda Trigger.
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
No, this is not possible.
As pointed out by others, you can configure a Cognito User Pool to send emails using SES as the delivery mechanism, and using the same verified email you use with SES as your "from" address.
But no, there is no way AFAIK to invoke your SES email templates for the Cognito email messages. To customize the email messages sent by Cognito, you can either configure Cognito and write the templates there, or you can hook into the process using e.g. the custom message lambda hook.
Yes, there is a message customization option in your user pool settings which allows you to select SES instead of Cognito. It also lets you edit the content of the message. If you want to make it even more dynamic, you can use a pre sign-up Lambda trigger.
I want to send the verification code to the user's mobile as SMS using a local provider in my country without using AWS SNS.
I have a trigger in CustomMessage and the Lambda function is working fine. But my problem is that I am unable to find the verification code in the Lambda function. I only find codeParameter, which is {####}.
So how can I get the verification code to send it using local provider?
You need to implement Custom Authentication in this scenario, because Cognito wouldn't share the secret with you. We have implemented a Custom Authentication scenario using the Cognito Custom Authentication mechanism.
You could use the DefineAuth, CreateAuth and VerifyAuth triggers for the implementation. Please refer to the following flow.
https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/
For those looking for an alternative solution, I would recommend using Cognito's Custom SMS Sender trigger. When you use the custom SMS trigger, you do not have to implement a custom authentication mechanism.
The Custom SMS Sender trigger will enable you to get the encrypted code parameter, then you can decrypt it using the KMS key you configured for your user pool.
The steps you can follow:
1. Create a KMS key.
2. Create a Custom SMS Sender Lambda function. This function should be able to perform the kms:decrypt operation.
3. Implement your custom SMS logic in the Lambda function. Since you have the code parameter now, this will be very easy.
4. Give your user pool access to invoke the custom SMS sender function.
5. Set the custom SMS sender trigger for your user pool. When you do that you also need to set the KMS key that Cognito will use. You can use aws-cli to do this.
References:
Official documentation
Terraform currently does not support the custom SMS sender trigger. There is an open issue regarding this.
AWS CLI update user pool
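Added example (not code from either answer or from AWS): one Node.js handler shape that covers both the custom email sender answer earlier on this page, with the BCC applied only to CustomEmailSender_SignUp, and the Custom SMS Sender steps above. The environment variable names, the addresses and the `sendSms` provider client are assumptions.

```javascript
// Added example. FROM_ADDRESS, COMPLIANCE_BCC, KEY_ARN and sendSms are assumptions.
const CFG = {
  from: process.env.FROM_ADDRESS || 'no-reply@example.com',
  bcc: process.env.COMPLIANCE_BCC || 'compliance@example.com',
};

// Decrypt event.request.code with the KMS key configured on the user pool.
// Packages are loaded lazily so the pure builder below runs without AWS access.
async function decryptCode(b64Code) {
  const sdk = require('@aws-crypto/client-node');
  const { decrypt } = sdk.buildClient(sdk.CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT);
  const keyring = new sdk.KmsKeyringNode({ keyIds: [process.env.KEY_ARN] });
  const { plaintext } = await decrypt(keyring, Buffer.from(b64Code, 'base64'));
  return plaintext.toString('utf8');
}

// SES SendEmail input. Only the sign-up mail is BCC'd; that copy contains the
// one-time code, so the BCC mailbox must be as protected as the user's own.
function buildEmail(event, code, cfg = CFG) {
  const signUp = event.triggerSource === 'CustomEmailSender_SignUp';
  return {
    Source: cfg.from,
    Destination: {
      ToAddresses: [event.request.userAttributes.email],
      ...(signUp ? { BccAddresses: [cfg.bcc] } : {}),
    },
    Message: { Subject: { Data: 'Your verification code' }, Body: { Text: { Data: `Your code is ${code}` } } },
  };
}

async function sendEmail(input) {
  const { SESClient, SendEmailCommand } = require('@aws-sdk/client-ses');
  return new SESClient({}).send(new SendEmailCommand(input));
}

// deps.sendSms is a hypothetical client for the local SMS provider.
function makeHandler(deps) {
  return async (event) => {
    if (!event.request.code) return event; // nothing to deliver
    const code = await deps.decrypt(event.request.code); // never log this value
    if (event.triggerSource.startsWith('CustomEmailSender_')) {
      await deps.sendEmail(buildEmail(event, code));
    } else if (event.triggerSource.startsWith('CustomSMSSender_')) {
      await deps.sendSms({ to: event.request.userAttributes.phone_number, text: `Your code is ${code}` });
    }
    return event;
  };
}

// Lambda wiring: exports.handler = makeHandler({ decrypt: decryptCode, sendEmail, sendSms });
```

The Lambda execution role needs kms:Decrypt on the key, and ses:SendEmail when the email path is used.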
We use Amazon's SES service, and have set up Topics and Subscriptions under SNS (Simple Notification Service) so that we get notification emails when an email is bounced or successfully delivered. That's all working fine.
We sometimes send emails via SES on behalf of one of our partners, and before we can do that we need to verify their email address. The process is that the system asks SES to send out a verification email to the person saying "Example.com wants to send emails on your behalf, is that ok?", with a link for them to click. If they click it, then that email is marked as Verified within SES, and we can use it as a from address.
What I can't work out is how to automate the process of knowing whether they've clicked the link yet. I can log in to the AWS dashboard, and go and look at the list of verified email addresses, but I'd like to make it an automated process.
What would be ideal is if it worked the same way as bounces & deliveries: that I set up a "Verification" topic, and subscribe to it so we get an email like we do with bounces and deliveries. Then, the scheduled job that deals with incoming email notifications can say "Aha, this is a verification email for foobar@example.com: I'll mark their account as 'ses-verified'".
Does anyone know if it's possible to set this up? All the docs on the SES site just talk about bounces, deliveries and complaints.
Thanks, Max
You can use the GetIdentityVerification API call in the SES part of the AWS SDK:
https://docs.aws.amazon.com/ses/latest/APIReference/API_GetIdentityVerificationAttributes.html
You could do this in a serverless way by having a lambda function do the check, and expose the lambda as an API endpoint to your application (among other ways).
Alternatively you could just try to send a single test email to a test/internal email address and check if it gives you an error - if it's not verified, it will return an error immediately when you try to do the send.
EDIT:
If you want to use the CLI instead:
aws ses get-identity-verification-attributes --identities "mailbox@thedomain.com"
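Added example (not from the answer): a scheduled job in Node.js could poll the same API in batches and sort partner addresses by VerificationStatus. The result buckets and the `fetchAttributes` callback are assumptions; `sesFetch` is the AWS SDK v3 call that would be passed in production.

```javascript
// Added example: bucket names and the fetchAttributes callback are assumptions.
const BATCH = 100; // GetIdentityVerificationAttributes takes at most 100 identities per call

function chunk(list, size = BATCH) {
  const out = [];
  for (let i = 0; i < list.length; i += size) out.push(list.slice(i, i + size));
  return out;
}

// Map one API response onto the addresses that were asked about.
// An address missing from VerificationAttributes is treated here as NotStarted.
function classify(requested, response) {
  const attrs = (response && response.VerificationAttributes) || {};
  const result = { verified: [], pending: [], retry: [] };
  for (const addr of requested) {
    const status = attrs[addr] ? attrs[addr].VerificationStatus : 'NotStarted';
    if (status === 'Success') result.verified.push(addr);
    else if (status === 'Pending' || status === 'TemporaryFailure') result.pending.push(addr);
    else result.retry.push(addr); // Failed or NotStarted: needs a fresh verification request
  }
  return result;
}

// Check every address, one batch at a time, and merge the buckets.
async function checkAll(addresses, fetchAttributes) {
  const total = { verified: [], pending: [], retry: [] };
  for (const batch of chunk(addresses)) {
    const r = classify(batch, await fetchAttributes(batch));
    for (const key of Object.keys(total)) total[key].push(...r[key]);
  }
  return total;
}

// Production fetchAttributes using AWS SDK v3 (loaded lazily).
async function sesFetch(identities) {
  const { SESClient, GetIdentityVerificationAttributesCommand } = require('@aws-sdk/client-ses');
  return new SESClient({}).send(new GetIdentityVerificationAttributesCommand({ Identities: identities }));
}
```

Only addresses in `verified` should be marked as usable From addresses; the caller needs the ses:GetIdentityVerificationAttributes permission.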