How to Send Emails With reactjs Using Amazon SES - amazon-web-services

I want to connect my simple ReactJS contact form to my AWS SES email to receive emails.
I did some research on this but did not find a useful tutorial or article to follow.
Is there anyone who can help?
Thanks

There is a tutorial to do just what you asked for: https://www.youtube.com/watch?v=HiHflLTqiwU
In short: You set up an AWS IAM user with limited permissions to AWS SES. The user has only programmatic access to the AWS console. You will use the secret key and key ID in your React app later on, so make sure to save it. Also, make sure you are familiar with the SES pricing.
Then, go ahead and configure AWS SES to your needs.
Your React app will need to run with an ExpressJS backend. Add the JavaScript AWS SDK to your project. It is needed to connect to AWS and interact with SES. Here is the link to the AWS SES SDK documentation.
The tutorial is great. However, there are some things to look out for:
Make sure you don't check in your access key and secret to a VCS.
The AWS access key will never be renewed. This can be OK but should be avoided:
Regularly rotating your IAM credentials helps prevent a compromised set of IAM access keys from accessing components in your AWS account. Rotating IAM credentials is also an important part of security best practices in IAM. (Source)
You send e-mails through a public, unauthenticated POST request to your Express backend. Anybody with their browser's devtools open can see the POST request, including the headers, the request body, and the response. With Postman, or a similar tool, anybody can spam your contact endpoint. To avoid that, you can set up rate limits, put an API Gateway with quotas in the middle instead of calling SES directly, etc.
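One way to apply the rate-limit advice on the Express side, as an added example that is not part of the original answer or the linked tutorial. The names `createContactGuard`, `validateContact`, the `/api/contact` route and the `sendViaSes` handler are assumptions; the form fields `name`, `email` and `message` are assumed as well.

```javascript
// Added example: per-client sliding-window limit plus input checks for a
// public contact endpoint. Express-style middleware, no external packages.
// State is in memory, so it covers a single Node process only.
function createContactGuard({ limit = 5, windowMs = 60000, now = Date.now } = {}) {
  const hits = new Map(); // client IP -> timestamps of requests in the window

  return function contactGuard(req, res, next) {
    const t = now();
    const recent = (hits.get(req.ip) || []).filter((ts) => t - ts < windowMs);
    if (recent.length >= limit) {
      hits.set(req.ip, recent);
      const retryAfter = Math.ceil((recent[0] + windowMs - t) / 1000);
      res.set("Retry-After", String(retryAfter));
      return res.status(429).json({ error: "Too many requests" });
    }
    recent.push(t); // requests rejected as invalid count toward the limit too
    hits.set(req.ip, recent);

    const problem = validateContact(req.body);
    if (problem) return res.status(400).json({ error: problem });
    return next();
  };
}

// Returns an error string, or null when the submission is acceptable.
function validateContact(body) {
  const { name, email, message } = body || {};
  if (![name, email, message].every((v) => typeof v === "string" && v.trim())) {
    return "name, email and message are required";
  }
  // CR/LF in values that reach mail headers would allow header injection.
  if (/[\r\n]/.test(name + email)) return "line breaks are not allowed";
  if (email.length > 254 || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    return "invalid email address";
  }
  if (name.length > 100 || message.length > 5000) return "field too long";
  return null;
}

// Wiring (assumed route and handler names):
//   app.post("/api/contact", express.json(), createContactGuard(), sendViaSes);
```

Behind a load balancer or reverse proxy, configure Express's `trust proxy` setting so that `req.ip` is the client address rather than the proxy's.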

Related

Is it possible to use Amazon Cognito without Amazon SES?

I'm trying to setup Amazon Cognito, and according to what it says in the console I need to sign up for Amazon SES in order to send the confirmation code and forgot password messages.
So I applied for Amazon SES access through their support center explaining that I will only be using Amazon SES in conjunction with Cognito. I also included all the normal information they request, such as domain name, how bounces are handled, etc.
They replied denying access with this as the explanation:
We made this decision because we believe that your use case would impact the deliverability of our service and would affect your reputation as a sender. We also want to ensure that other Amazon SES users can continue to use the service without experiencing service interruptions.
So I found this puzzling, because my understanding is that I have to sign up for SES in order to have production user registration and confirmation with Amazon Cognito.
Does anyone know if we can use Cognito without SES or if there is some other way of handling this?
You can configure Cognito to send all emails via a Lambda function. Inside that function you can perform the email sending using any email service you want.

How to Approve aws sso login without Browser Support

aws sso login --profile //profile name// usually opens a browser and asks for approval. Is there any other way we can do this without a browser? I have a situation where I need to set up the AWS CLI in my Docker container and I can only use aws sso login, and I don't want to use Selenium to handle the browser approval since it looks complex, so I want to do it all in the CLI itself…
aws sso login takes a --no-browser flag which suppresses the browser launch.
From there you can control the sso verification url via a browser automation library e.g. puppeteer.
You can also get the verification url via aws sso-oidc actions/commands.
An example in golang using go-rod is available on GitHub here, although this won't work with a non-MFA process flow, which is what you want here. The code at the link can be modded or updated to support that use case with not a whole lot of effort.
Generally, using aws sso isn't recommended for this type of use case. Instead, you're better off using IAM user credentials (while outside a VPC, for example) or, if in a VPC, instance profiles if they're available.

Dynatrace AWS access key verification domains (url/ip)

We have implemented Dynatrace and we need to add our AWS account to pull CloudWatch logs.
The problem: We have a corporate proxy and firewall which is super locked down and seems to block whichever requests Dynatrace is trying to make to AWS to authenticate with the key and secret.
The infra guys have allowed a bunch of AWS domains per region to read CloudWatch logs, but we still can't authenticate (see image below).
I have set up a Dynatrace security gateway in AWS which our local gateways are able to access. We are successfully getting logs from OneAgents through the SGW. The problem is getting the CloudWatch logs/integration going.
The error in the image below leads me to believe that Dynatrace is not able to communicate to the AWS auth servers at all.
Any advice would be appreciated.
I'm just a dev
We are not allowed to open the amazon domain.
#corporate-devlife

Kinesis Data Firehose set with a web page

Well, I have a web page (PHP) that is running on-premise and it's accessed from different countries. I would like to catch some data and store it somewhere. I can handle internally with the team the data and the format of the file to catch the info. But we would like to leverage AWS to store it in S3. So we noticed that we need an intermediate layer to avoid using the AWS credentials required for S3.
As this page is on the internet and it's consumed by users through the web, we certainly don't want to include any credentials embedded in the site. So likely Kinesis Data Firehose, in a consumer role, could just catch the data sent by our page and then internally store it in S3.
Question
I see that there is an SDK for Kinesis, but it requires AWS credentials. We really need a kind of link where we need the data produced and AWS handles the rest. But I don't know why I am required to set up AWS credentials using the SDK. Does it mean that our website will load and live with our credentials? I don't feel this approach is secure. I appreciate any comments.
You can use API Gateway Kinesis Proxy to avoid using credentials or even aws-sdk in your webpages.
https://docs.aws.amazon.com/apigateway/latest/developerguide/integrating-api-with-aws-services-kinesis.html
This way you don't need to expose any credentials and control permissions with a role.
If you are worried about having a security issue and if the users are authenticated, you can use custom authorizers to authorize the url.
https://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
If it is public facing, then just the above integration should work.
Hope it helps.

AWS SES - Logging SendEmail & SendRawEmail calls (SMTP)

We've changed our email service from Mandrill to Amazon SES. We are using it with SMTP.
In Mandrill we had access to some details such as:
raw content of the emails
delivery dates
is the email viewed by the recipient
are the links in the email clicked
But in SES Management Console > Sending Statistics page it shows only the numbers without any details for deliveries, bounces, complaints & rejects.
And I've looked into CloudTrail, CloudWatch & S3 combination with no luck. Also I'm not sure if this is still valid but this page says
All Amazon SES APIs except for the email-sending APIs (SendEmail and SendRawEmail) are supported.
So I can't seem to log these data with CloudTrail.
Can I log them via another method (maybe a third party tool?). How do other people log these? Or do they? Maybe it's not possible with SMTP but possible with only API?
Example scenario
We're using multiple IAM access keys (with multiple users) for SES. Let's say there is 50% increase in complaints. Doesn't AWS offer any tool to find the culprit access key?
I had found this thread when trying to get easy access to who Amazon SES sent emails to, at what time, etc. I found the tutorials at Amazon pretty helpful:
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/event-publishing-tutorials.html
I actually tried all four of them. I couldn't figure out how to get the CloudWatch path to actually show who the email went to, but the other ones worked. I eventually settled on the Amazon Redshift path:
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/event-publishing-redshift.html
It works well for me and provides an SQL query view into the "log" data. They do have a new Query tool, so you don't have to use JDBC/ODBC if you don't want to.
Hoping this will help someone else looking...
For raw content logging, you would have to proxy the SMTP requests through some service that logs everything and then sends it to SES, or just log everything in your code before making the call to SES.
For delivery rates you would have to set up SNS listeners to process SES bounce notifications.
For email viewed and links clicked you would have to build your own analytics service to add tracking to the emails you send, or find some third-party service that does that for you.
There is a reason SES is so much cheaper than other email services like Mandrill: you don't get all the features that the other services provide. Honestly, if you want things like click tracking analytics, I would suggest you rethink moving away from Mandrill, or look at other email services like SendGrid. SES is more of a raw email sending service that doesn't provide any of those higher-level features you are looking for.
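For the "culprit access key" scenario in the question, the event-publishing and SNS routes mentioned in the answers can be combined: SES event-publishing records carry the `ses:caller-identity` auto-tag, so complaint and bounce events can be counted per sending IAM identity. The following is an added example, not code from either answer or from AWS; it assumes events are published through a configuration set to an SNS destination, and the function names, user names and sample records are constructed.

```javascript
// Added example: count SES complaint/bounce events per sending IAM identity.
// Each input item is an SNS notification whose Message field holds one SES
// event-publishing record (a bare record object is accepted as well).
function countByCaller(notifications, eventTypes = ["Complaint", "Bounce"]) {
  const counts = {};
  for (const raw of notifications) {
    let record;
    try {
      const envelope = typeof raw === "string" ? JSON.parse(raw) : raw;
      record = typeof envelope.Message === "string"
        ? JSON.parse(envelope.Message)
        : envelope;
    } catch (err) {
      continue; // skip malformed items instead of aborting the whole batch
    }
    if (!record || !eventTypes.includes(record.eventType)) continue;
    const tags = (record.mail && record.mail.tags) || {};
    const caller = (tags["ses:caller-identity"] || ["unknown"])[0];
    counts[caller] = counts[caller] || {};
    counts[caller][record.eventType] = (counts[caller][record.eventType] || 0) + 1;
  }
  return counts;
}

// Constructed sample data: trimmed event records, wrapped like SNS delivers them.
function sampleNotifications() {
  const event = (eventType, caller) => JSON.stringify({
    Type: "Notification",
    Message: JSON.stringify({
      eventType,
      mail: {
        messageId: "constructed-" + caller,
        tags: { "ses:configuration-set": ["contact"], "ses:caller-identity": [caller] },
      },
    }),
  });
  return [
    event("Complaint", "app-a-smtp"),
    event("Complaint", "app-b-smtp"),
    event("Complaint", "app-b-smtp"),
    event("Bounce", "app-a-smtp"),
    event("Delivery", "app-a-smtp"),
    "not json",
  ];
}

console.log(countByCaller(sampleNotifications()));
```

When sending over SMTP, a message is only tied to a configuration set (and therefore to event publishing) if it carries the `X-SES-CONFIGURATION-SET` header or a default configuration set is assigned to the sending identity.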