I'm trying to setup Amazon Cognito, and according to what it says in the console I need to sign up for Amazon SES in order to send the confirmation code and forgot password messages.
So I applied for Amazon SES access through their support center explaining that I will only be using Amazon SES in conjunction with Cognito. I also included all the normal information they request, such as domain name, how bounces are handled, etc.
They replied denying access with this as the explanation:
We made this decision because we believe that your use case would impact the deliverability of our service and would affect your reputation as a sender. We also want to ensure that other Amazon SES users can continue to use the service without experiencing service interruptions.
So I found this puzzling, because my understanding is that I have to signup for SES in order to have production user registration and confirmation with Amazon Cognito.
Does anyone know if we can use Cognito without SES or if there is some other way of handling this?
You can configure Cognito to send all emails via a Lambda function. Inside that function you can perform the email sending using any email service you want.
Related
For legal reasons I need to BCC someone on my Cognito verification emails when someone signs up on my website. Is there a way to configure this in Amazon SES or Cognito? I have searched through the settings on both of the services and searched google but I haven't been able to find anything. I am wondering if maybe I should use SNS to trigger a welcome email with the compliance information after the user verifies their email, though I am still not sure if this is possible.
You will need to implement a Cognito custom email sender Lambda function. There's an example of that function using NodeJS at the above link. Having gone through this myself I would point out that it can only be done using NodeJS or Java due to the specific AWS encryption SDK needed to decode the email body in your Lambda function.
Inside that example Lambda function you can see the different event triggers the function has to handle. In the CustomEmailSender_SignUp trigger handler you would add your BCC when you send the email.
You would need to use the AWS SDK inside that code to send the emails using SES.
i want to connect my simple REACTJS contact form to my AWS SES email to receive emails
I did some researches about this but did not find a useful tutorial or article to follow it
is there anyone who can help!?
THANKS
There is a tutorial to do just what you asked for: https://www.youtube.com/watch?v=HiHflLTqiwU
In short: You set up an AWS IAM user with limited permissions to AWS SES. The user has only programmatic access to the AWS console. You will use the secret key and key ID in your React app later on, so make sure to save it. Also, make sure you are familiar with the SES pricing
Then, go ahead and configure AWS SES to your needs.
Your React App will need to run with an ExpressJS backend. Add the JavaScript AWS SDK to your project. It is needed to connect to AWS and interact with SES. Here the link to the AWS SES SDK documentation
The tutorial is great. However, there are some things to look out for:
Make sure you don't check in your access key and secret to a VCS.
The AWS access key will never be renewed. This can be ok but should be avoided
Regularly rotating your IAM credentials helps prevent a compromised set of IAM access keys from accessing components in your AWS account. Rotating IAM credentials is also an important part of security best practices in IAM. (Source)
You send e-mails through a public, unauthenticated POST request to your express backend. Anybody with their browser's devtools open can see the POST request. including the headers, the request body, and repsonse. With Postman, or a similar tool, anybody can spam your contact endpoint. To avoid that you can setup rate limits, put an API Gateway, with quotas in the middle instead of calling SES directly, etc.
I am using AWS cognito to signup users and create new accounts for my users on my web-app. I authorize the user's phone number by sending a one-time-password via AWS SNS. Off-late there has been a message on my SNS dashboard which reads like this :
I am worried that cognito will stop sending one-time-passwords to users who signup on my website and because of that I might loose them. I have not done any custom setup as of now for my application. From reading through communities and aws documentation I figured I can use a toll-free number from Amazon Pinpoint instead. It fits my requirement but there is no documentation of how to plug this toll-free number into the cognito process. I have purchased a toll-free number but don't understand how to use it for sending phone verification otp. Would be great if someone could help me with this.Thanks.
Looking at the AWS documentation, you can use a Pre Sign-up Lambda Trigger. The pre sign-up Lambda function is triggered just before Amazon Cognito signs up a new user. It allows you to perform custom validation to accept or deny the registration request as part of the sign-up process. Because you can use a Lambda function, you can use custom logic within the Lambda function to meet your business requirements. This includes hooking into Pinpoint to achieve what you want to do. For more details:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
I'd like to pre-process my clients email via AWS SES, but I'm not sure Amazon allows for this per their policy and/or has a domain limitation. I see a rule-set for my SES engine and I'm able to manage multiple domain names, but these are my own. If I wanted to managed 100 or 200 domain names, would AWS SES allow me to do this?
If your clients grant you permission to manage their email on their behalf, it's not up to Amazon to tell you if you can or cannot. Remember, they are providing Infrastructure as a Service (IaaS).
As far as if it's possible technically, you'll have to either create your own e-mail client that integrates with SES or use Amazon WorkMail.
You can send any number of emails(based on your SES limits) and manage any number of domains as long as you comply with amazon policies. All they care about it quality of email response, if someone report spam and if your spam ration is high then your account might be at risk.
I have setup AWS cognito with my own user pool, but when i create a user with a valid phone number i did not receive verification SMS on that phone.
I have also created role to allow Amazon Cognito to send SMS messages.
Please help me to debug the issue and let me know if any more details are required.
You can open AWS Support center and create case. Under regarding, choose Service Limit Increase. For SNS, follow the link http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_sns