I use Cognito service for my users. I also use my SES with Cognito to send emails to them.
I have two accounts on AWS - one for development and the second one for production. The development account uses my production domain when sending emails, and after many testing emails sending, the reputation of my domain decreased. Now I want to turn sandbox on on my development account for cognito and SES, but I cannot find where to do that, as the documention of AWS only shows how to go to production.
Related
I'm trying to setup Amazon Cognito, and according to what it says in the console I need to sign up for Amazon SES in order to send the confirmation code and forgot password messages.
So I applied for Amazon SES access through their support center explaining that I will only be using Amazon SES in conjunction with Cognito. I also included all the normal information they request, such as domain name, how bounces are handled, etc.
They replied denying access with this as the explanation:
We made this decision because we believe that your use case would impact the deliverability of our service and would affect your reputation as a sender. We also want to ensure that other Amazon SES users can continue to use the service without experiencing service interruptions.
So I found this puzzling, because my understanding is that I have to signup for SES in order to have production user registration and confirmation with Amazon Cognito.
Does anyone know if we can use Cognito without SES or if there is some other way of handling this?
You can configure Cognito to send all emails via a Lambda function. Inside that function you can perform the email sending using any email service you want.
i want to connect my simple REACTJS contact form to my AWS SES email to receive emails
I did some researches about this but did not find a useful tutorial or article to follow it
is there anyone who can help!?
THANKS
There is a tutorial to do just what you asked for: https://www.youtube.com/watch?v=HiHflLTqiwU
In short: You set up an AWS IAM user with limited permissions to AWS SES. The user has only programmatic access to the AWS console. You will use the secret key and key ID in your React app later on, so make sure to save it. Also, make sure you are familiar with the SES pricing
Then, go ahead and configure AWS SES to your needs.
Your React App will need to run with an ExpressJS backend. Add the JavaScript AWS SDK to your project. It is needed to connect to AWS and interact with SES. Here the link to the AWS SES SDK documentation
The tutorial is great. However, there are some things to look out for:
Make sure you don't check in your access key and secret to a VCS.
The AWS access key will never be renewed. This can be ok but should be avoided
Regularly rotating your IAM credentials helps prevent a compromised set of IAM access keys from accessing components in your AWS account. Rotating IAM credentials is also an important part of security best practices in IAM. (Source)
You send e-mails through a public, unauthenticated POST request to your express backend. Anybody with their browser's devtools open can see the POST request. including the headers, the request body, and repsonse. With Postman, or a similar tool, anybody can spam your contact endpoint. To avoid that you can setup rate limits, put an API Gateway, with quotas in the middle instead of calling SES directly, etc.
I am building an app that requires user sign in and I am using AWS Cognito. I am running out of test emails. So I wanted to use a service like Mailtrap for test users. I have not been able to find this setting in Cognito OR SES.
I have one Amazon account with my current production application running an elastic beanstalk environment which uses SES to send emails from that verified domain, let's call it www.original_domain.com.
I'm currently upgrading my application, which includes a changing the domain name. I have set up a second application in my AWS account with a separate elastic beanstalk environment, let's call this one www.new_domain.com. I have done this so I can test it along side in production.
Is there anyway to verify both domains to use SES where I can have both www.original_domain.com AND www.new_domain.com sending emails from their respected domains, or is SES - application a 1-1 relationship? This would make the change over a lot easier rather than having to take down www.original_domain.com and re-apply to get www.new_domain.com verified.
There is a limit, upto 1000 domains:
You can verify as many as 1000 identities (domains and email
addresses, in any combination) per AWS account.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html
I'm just looking into Amazons Web Services and I've used Elastic Beanstalk to set up a Ruby web app. It all works great but with one big exception. I cannot have user email accounts for the domain and cannot have incoming emails.
Is there a technical reason why this is the case (no incoming mail service), or am I missing something? I'm reading a lot about using Gmail or installing postfix manually, are these the only options, and if so why?
Amazon offers this service now, it's called WorkMail: https://aws.amazon.com/workmail/
You can have user emails on the domain in one of two ways. If you want to keep it at aws, spinup an ec2 instance and run the mail server of your choice, or else just use a third party mail host/provider (like gmail, or rackspace email which I use) and just point your mx records to those external mail servers.
I also wish that AWS offered mail hosting (and domain registrations), but its not hard to just parcel out the small pieces of your solution.
You can use ses nowadays for inbound programmatic email, and read it from a sqs queue, this is advisable for higher then normal mailbox usage profiles.
Else soon you can use WorkMail's new imap service which was announced beta preview at 2016 re:invent.