Get Cognito verification code in lambda to send SMS using local provider - amazon-web-services

I want to send the verification code to the user's mobile as an SMS using a local provider in my country, without using AWS SNS.
I have a trigger in CustomMessage and the Lambda function is working fine. But my problem is that I am unable to find the verification code in the Lambda function. I only find codeParameter, which is {####}.
So how can I get the verification code to send it using the local provider?

You need to implement Custom Authentication in this scenario, because Cognito won't share the secret with you. We have implemented the Custom Authentication scenario using Cognito's custom authentication mechanism.
You could use the DefineAuth, CreateAuth and VerifyAuth triggers for the implementation. Please refer to the following flow:
https://aws.amazon.com/blogs/mobile/customizing-your-user-pool-authentication-flow/

For those looking for an alternative solution, I would recommend using Cognito's Custom SMS Sender trigger. When you use the Custom SMS Sender trigger, you do not have to implement a custom authentication mechanism.
The Custom SMS Sender trigger will give you the encrypted code parameter, which you can then decrypt using the KMS key you configured for your user pool.
The steps you can follow:
1. Create a KMS key.
2. Create a Custom SMS Sender Lambda function. This function must be allowed to perform the kms:Decrypt operation.
3. Implement your custom SMS logic in the Lambda function. Since you have the code parameter now, this will be very easy.
4. Give your user pool permission to invoke the Custom SMS Sender function.
5. Set the Custom SMS Sender trigger on your user pool. When you do that, you also need to set the KMS key that Cognito will use. You can use the AWS CLI to do this.
References:
Official documentation
Terraform currently does not support the Custom SMS Sender trigger. There is an open issue regarding this.
AWS CLI update-user-pool
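As an added example (not code from the answer above or from AWS), here is the shape of a Custom SMS Sender Lambda that follows steps 2 and 3: it decrypts `request.code`, builds a message for the trigger that fired, hands it to a local SMS provider, and never writes the plaintext code to its return value or logs. The decryption step and the provider call are injected, so the routing logic runs offline; `kmsDecryptCode` shows the assumed wrapping of the AWS Encryption SDK for JavaScript (`@aws-crypto/client-node`) with the key ARN you set as `KMSKeyID` on the pool. The phone number, code and provider names are constructed for illustration.

```javascript
// Added example: Cognito Custom SMS Sender handler (Node.js). Not the answer's
// code; decryptCode and sendSms are injected so the logic can run without AWS.

// Trigger sources the Custom SMS Sender receives (subset) and the SMS text
// for each. Anything else is acknowledged without sending.
const MESSAGES = {
  CustomSMSSender_SignUp: (code) => `Your verification code is ${code}`,
  CustomSMSSender_ResendCode: (code) => `Your verification code is ${code}`,
  CustomSMSSender_ForgotPassword: (code) => `Your password reset code is ${code}`,
  CustomSMSSender_Authentication: (code) => `Your sign-in code is ${code}`,
  CustomSMSSender_AdminCreateUser: (code) => `Your temporary password is ${code}`,
};

// Cognito stores phone_number in E.164 form; refuse anything else before
// handing it to a provider that may interpret prefixes or separators.
const E164 = /^\+[1-9]\d{6,14}$/;

// Keep only country prefix and last two digits for log-safe output.
function maskPhone(phone) {
  return phone.slice(0, 3) + '*'.repeat(Math.max(phone.length - 5, 0)) + phone.slice(-2);
}

// decryptCode(ciphertextBuffer) -> Promise<string>; sendSms(to, text) -> Promise.
function createHandler({ decryptCode, sendSms }) {
  return async function handler(event) {
    const { triggerSource, request } = event;
    const template = MESSAGES[triggerSource];
    if (!template) {
      return { sent: false, reason: `unhandled trigger ${triggerSource}` };
    }
    const phone = request.userAttributes && request.userAttributes.phone_number;
    if (!phone || !E164.test(phone)) {
      return { sent: false, reason: 'missing or malformed phone_number' };
    }
    if (!request.code) {
      return { sent: false, reason: 'no code in request' };
    }
    // request.code is base64 ciphertext produced under the pool's KMS key.
    const code = await decryptCode(Buffer.from(request.code, 'base64'));
    await sendSms(phone, template(code));
    // The return value ends up in CloudWatch; echo the destination only.
    return { sent: true, destination: maskPhone(phone) };
  };
}

// Assumed production decryptor built on @aws-crypto/client-node. The require
// is lazy so the handler above can be exercised without the SDK installed.
function kmsDecryptCode(keyArn) {
  let doDecrypt = null;
  return async function decryptCode(ciphertext) {
    if (!doDecrypt) {
      const sdk = require('@aws-crypto/client-node');
      const { decrypt } = sdk.buildClient(sdk.CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT);
      const keyring = new sdk.KmsKeyringNode({ keyIds: [keyArn] });
      doDecrypt = (buf) => decrypt(keyring, buf);
    }
    const { plaintext } = await doDecrypt(ciphertext);
    return plaintext.toString('utf8');
  };
}

module.exports = { MESSAGES, E164, maskPhone, createHandler, kmsDecryptCode };
```

In a deployed function you would export `createHandler({ decryptCode: kmsDecryptCode(process.env.KEY_ARN), sendSms: yourProviderClient })` as the Lambda handler, with `KEY_ARN` and the provider client being your own values. The function's execution role needs `kms:Decrypt` on that key only, and the key policy should name the Lambda role rather than granting the whole account; keeping the plaintext out of return values and logs matters because CloudWatch is readable by far more principals than the KMS key. Steps 4 and 5 are the two CLI calls the answer refers to: `aws lambda add-permission` with principal `cognito-idp.amazonaws.com` and the pool ARN as `--source-arn`, then `aws cognito-idp update-user-pool --lambda-config "CustomSMSSender={LambdaVersion=V1_0,LambdaArn=<function arn>},KMSKeyID=<key arn>"`.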

Related

How to bcc another recipient on an Amazon Cognito verification email

For legal reasons I need to BCC someone on my Cognito verification emails when someone signs up on my website. Is there a way to configure this in Amazon SES or Cognito? I have searched through the settings on both of the services and searched google but I haven't been able to find anything. I am wondering if maybe I should use SNS to trigger a welcome email with the compliance information after the user verifies their email, though I am still not sure if this is possible.
You will need to implement a Cognito Custom Email Sender Lambda function. There's an example of that function using Node.js at the above link. Having gone through this myself, I would point out that it can only be done using Node.js or Java, due to the specific AWS encryption SDK needed to decode the email body in your Lambda function.
Inside that example Lambda function you can see the different event triggers the function has to handle. In the CustomEmailSender_SignUp trigger handler you would add your BCC when you send the email.
You would need to use the AWS SDK inside that code to send the emails using SES.

How to setup toll-free number in AWS SNS instead of the default?

I am using AWS Cognito to sign up users and create new accounts for my users on my web app. I authorize the user's phone number by sending a one-time password via AWS SNS. Of late there has been a message on my SNS dashboard which reads like this:
I am worried that Cognito will stop sending one-time passwords to users who sign up on my website and because of that I might lose them. I have not done any custom setup as of now for my application. From reading through communities and AWS documentation I figured I can use a toll-free number from Amazon Pinpoint instead. It fits my requirement, but there is no documentation on how to plug this toll-free number into the Cognito process. I have purchased a toll-free number but don't understand how to use it for sending the phone verification OTP. Would be great if someone could help me with this. Thanks.
Looking at the AWS documentation, you can use a Pre Sign-up Lambda Trigger. The pre sign-up Lambda function is triggered just before Amazon Cognito signs up a new user. It allows you to perform custom validation to accept or deny the registration request as part of the sign-up process. Because you can use a Lambda function, you can use custom logic within the Lambda function to meet your business requirements. This includes hooking into Pinpoint to achieve what you want to do. For more details:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

Is it possible to send the Cognito user pool verification code through SES using a Lambda trigger and a custom email template?

Hi, is it possible to send the Cognito user pool verification code through the SES service using a Lambda trigger and to use a custom email template?
Is there any way that I could do it?
I need to use an email template that I uploaded to SES email templates.
Can anyone provide the Lambda function?
I agree with https://stackoverflow.com/a/67497492/15909382 and think it is possible.
Using SES, documented here:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
Using the Custom Message Lambda trigger, documented here:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
And if you want, you might be able to implement it using the Custom Email Sender Lambda trigger:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
No, this is not possible.
As pointed out by others, you can configure a Cognito User Pool to send emails using SES as the delivery mechanism, and using the same verified email you use with SES as your "from" address.
But no, there is no way AFAIK to invoke your SES email templates for the Cognito email messages. To customize the email messages sent by Cognito, you can either configure Cognito and write the templates there, or you can hook into the process using e.g. the custom message lambda hook.
Yes, there is a message customization option in your user pool settings which allows you to select SES instead of Cognito. It also lets you edit the content of the message. If you want to make it even more dynamic, you can use a Pre Sign-up Lambda trigger.

AWS Cognito: How to trigger lambda on user signup to attach IoT policy?

I am creating a web app using AWS Amplify, and one of its features will be integration with AWS IoT for live MQTT data. I successfully set up Cognito to work with IoT, but there is one step that I currently have to do manually: attach the IoT policy to a Cognito identity. In all the AWS tutorials on this, they have you manually attach the policy for the user via the command line, but obviously in a production app this needs to be automated with something like a Lambda as part of the user signup flow. I know that Lambda triggers are available on the user pools side of Cognito, but I don't see any documentation on them being available for identity pools. If I'm correct, the user signup happens first in the user pool and then the identity pool, and since I need the identity ID to link to IoT, using user pool Lambda triggers won't work for this. Of course I could always add this to my own API which is called after sign-up; the only issue with that is that it relies on the client to call the API, which adds complexity, i.e. the client could disconnect after signup but before the API call is made, in which case the user would never get the policy attached. Is there any better server-side way to trigger this?

Getting user from SNS EndpointAdded Event

I'm trying to associate my user's Cognito identity with the SNS endpoints they create when registering for push notifications. I've created a Lambda function connected to the SNS application's EndpointAdded topic. It is fired whenever an endpoint is created, but it does not include any information I can see that I can use to associate the endpoint with a user.
I see many examples where people add the user ID as custom user data, but this allows any user to sign up for any other user's notifications. Is there a more secure way to make this association?
If you front registering the endpoint with Lambda or API Gateway and you use SigV4 credentials vended by Cognito to make the call, the context passed in will contain the Cognito Identity Id extracted from the credentials that made the call. This will ensure that the identity id you associate with the endpoint hasn't been tampered with.
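The following added example (not the answer's code) shows the pattern the answer describes from the Lambda side: an API Gateway REST endpoint with `AWS_IAM` authorization, called with the SigV4 credentials Cognito vended, delivers the caller's identity in `event.requestContext.identity.cognitoIdentityId`. The handler registers the SNS platform endpoint with that server-derived identity as `CustomUserData`, and refuses a client-supplied `userId` that disagrees with it. The SNS call is injected so the logic runs offline; `applicationArn`, the identity ids and the device token are constructed placeholders.

```javascript
// Added example: API Gateway (REST, AWS_IAM auth) Lambda that registers an
// SNS platform endpoint for the signed-in caller. Not the answer's code.
// createPlatformEndpoint(params) is assumed to resolve to the endpoint ARN;
// in production wrap the SNS SDK call of the same name.

// Identity derived by API Gateway from the SigV4 signature. It is absent
// (null) for unauthenticated callers and for non-Cognito IAM principals.
function callerIdentity(event) {
  const ctx = event.requestContext && event.requestContext.identity;
  return (ctx && ctx.cognitoIdentityId) || null;
}

function json(statusCode, payload) {
  return {
    statusCode,
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(payload),
  };
}

function createRegisterHandler({ createPlatformEndpoint, applicationArn }) {
  return async function handler(event) {
    const identityId = callerIdentity(event);
    if (!identityId) {
      return json(401, { error: 'Cognito identity required' });
    }

    let body;
    try {
      body = JSON.parse(event.body || '{}');
    } catch (e) {
      return json(400, { error: 'body is not valid JSON' });
    }
    if (typeof body.deviceToken !== 'string' || body.deviceToken.length === 0) {
      return json(400, { error: 'deviceToken required' });
    }
    // Clients may still send a userId for convenience, but it is never trusted:
    // it has to match the identity that actually signed the request.
    if (body.userId !== undefined && body.userId !== identityId) {
      return json(403, { error: 'userId does not match caller identity' });
    }

    const endpointArn = await createPlatformEndpoint({
      PlatformApplicationArn: applicationArn,
      Token: body.deviceToken,
      CustomUserData: identityId, // server-derived, so it cannot be forged by the client
    });
    return json(201, { endpointArn, identityId });
  };
}

module.exports = { callerIdentity, json, createRegisterHandler };
```

Putting registration behind this endpoint also lets you drop the `sns:CreatePlatformEndpoint` permission from the Cognito identity pool's authenticated role entirely; clients then have no path to create endpoints with arbitrary custom user data, and the EndpointAdded handler can trust the value it sees.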