AWS Cognito not sending verification SMS - amazon-web-services

I have set up AWS Cognito with my own user pool, but when I create a user with a valid phone number I did not receive the verification SMS on that phone.
I have also created a role to allow Amazon Cognito to send SMS messages.
Please help me to debug the issue and let me know if any more details are required.

You can open the AWS Support Center and create a case. Under "Regarding", choose Service Limit Increase. For SNS, follow the link http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_sns

Related

Is it possible to configure AWS Cognito to send SMS messages from a different AWS account?

I want to have a script which programmatically creates an AWS account and creates a Cognito user pool within that account.
I want this user pool to support multi-factor authentication via SMS.
Cognito sends SMS messages using the SNS service. When you create a new AWS account, by default you start in the SNS sandbox, and you have to apply to AWS support to escape the sandbox.
I don't want to have to manually apply to escape the sandbox every time I run the account creation script. (I don't think it's possible to automate leaving the sandbox for multiple accounts, or for all accounts in an AWS organization?)
Therefore I would like to have a single central account which is used for sending MFA SNS messages, and I would like to configure Cognito to send those messages from this account.
Is this possible? The Cognito console prompts me to provide AWS Cognito a role to send SMS messages - if I provide a cross-account role, will Cognito automatically send messages from the desired account? Is there any other way to achieve what I want, other than rethinking my architecture and just combining my Cognito user pools into a single shared account?
You could create a custom Lambda function to deliver SMS for Cognito. This Lambda could in turn assume a role in a different AWS account and call SNS on behalf of that account, which would cause the SMS to be delivered through that account.
Currently, it is not possible to configure AWS Cognito to send SMS messages from a different AWS account. AWS Cognito is designed to be used within the same AWS account.
When you send an SMS message from your user pool, Amazon Cognito assumes an IAM role in your account. Hence in my experience, Cognito does not allow this.
More details here
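
The Lambda approach from the first answer above, as an added example (not code from the thread or from AWS). It assumes the function is attached as the user pool's custom SMS sender trigger, where `request.code` arrives encrypted under a KMS key; the role ARN, ExternalId, key ARN and region are constructed placeholders, and `decrypt` and `sns` are hypothetical injection points for testing.

```python
import base64

# Constructed placeholders (assumptions, not values from the page).
CENTRAL_ROLE_ARN = "arn:aws:iam::111111111111:role/central-sms-sender"
EXTERNAL_ID = "example-external-id"  # must match the central role's trust policy
KMS_KEY_ARN = "arn:aws:kms:us-east-1:222222222222:key/EXAMPLE"
SMS_TRIGGERS = {"CustomSMSSender_SignUp", "CustomSMSSender_ResendCode",
                "CustomSMSSender_ForgotPassword", "CustomSMSSender_Authentication"}

def kms_decrypt(ciphertext):
    """Decrypt request.code with the AWS Encryption SDK and the pool's KMS key."""
    import aws_encryption_sdk
    from aws_encryption_sdk.identifiers import CommitmentPolicy
    client = aws_encryption_sdk.EncryptionSDKClient(
        commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT)
    provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[KMS_KEY_ARN])
    plaintext, _header = client.decrypt(source=ciphertext, key_provider=provider)
    return plaintext.decode()

def central_sns_client(region="us-east-1"):
    """Assume the central account's role and build an SNS client from it."""
    import boto3  # lazy import keeps the routing logic below testable offline
    creds = boto3.client("sts").assume_role(
        RoleArn=CENTRAL_ROLE_ARN, RoleSessionName="cognito-sms",
        ExternalId=EXTERNAL_ID, DurationSeconds=900)["Credentials"]
    return boto3.client(
        "sns", region_name=region,
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"])

def handler(event, context, decrypt=kms_decrypt, sns=None):
    """Custom SMS sender: decrypt the code, publish it from the central account."""
    if event.get("triggerSource") not in SMS_TRIGGERS:
        return event  # not a flow this function delivers
    request = event["request"]
    phone = request["userAttributes"]["phone_number"]
    if not (phone.startswith("+") and phone[1:].isdigit()):
        raise ValueError("phone_number is not in E.164 format")
    # request.code is base64 ciphertext; only the plaintext code goes into the SMS.
    code = decrypt(base64.b64decode(request["code"]))
    if sns is None:
        sns = central_sns_client()
    sns.publish(
        PhoneNumber=phone,
        Message=f"Your verification code is {code}",
        MessageAttributes={"AWS.SNS.SMS.SMSType": {
            "DataType": "String", "StringValue": "Transactional"}})
    return event  # never log `code` or the message body
```

Scope the central role's permissions to `sns:Publish` only, and have its trust policy name this function's execution role together with the ExternalId condition, so no other principal in the member accounts can send SMS through the central account.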

Is it possible to use Amazon Cognito without Amazon SES?

I'm trying to set up Amazon Cognito, and according to what it says in the console I need to sign up for Amazon SES in order to send the confirmation code and forgot password messages.
So I applied for Amazon SES access through their support center explaining that I will only be using Amazon SES in conjunction with Cognito. I also included all the normal information they request, such as domain name, how bounces are handled, etc.
They replied denying access with this as the explanation:
We made this decision because we believe that your use case would impact the deliverability of our service and would affect your reputation as a sender. We also want to ensure that other Amazon SES users can continue to use the service without experiencing service interruptions.
So I found this puzzling, because my understanding is that I have to sign up for SES in order to have production user registration and confirmation with Amazon Cognito.
Does anyone know if we can use Cognito without SES or if there is some other way of handling this?
You can configure Cognito to send all emails via a Lambda function. Inside that function you can perform the email sending using any email service you want.

Enable user to send and receive email through AWS SES

My knowledge of AWS is very basic and I am studying to enable a user to send and receive email using SES.
The user is created in IAM and with SES permission enabled.
The domain is already registered and working on AWS.
Do I need to create an email inside the SMTP configuration, or is there an option to create an email on the IAM user profile?
I recommend you read the docs first, because they clearly explain how it works. There are 2 main methods to send an email using SES.
1. SES REST APIs
It's a REST API service for SES. You can send emails by calling the API as an HTTP request. Visit the link below for more info.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-api.html
2. SMTP
It's a traditional way. But if you want to access the SMTP server, you need to create SMTP credentials first. These credentials are unique to regions. If you are sending emails from multiple regions, you need to create a set of credentials for each.
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html
Receiving Emails
SES allows you to receive emails too, but this feature is only available in certain regions. You can access received emails in the following ways without SMTP:
Deliver incoming emails to the S3 bucket
Publish to SNS topic
Send to Amazon WorkMail
For more info: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/receiving-email.html

How to setup toll-free number in AWS SNS instead of the default?

I am using AWS Cognito to sign up users and create new accounts for my users on my web app. I authorize the user's phone number by sending a one-time password via AWS SNS. Of late there has been a message on my SNS dashboard which reads like this:
I am worried that Cognito will stop sending one-time passwords to users who sign up on my website and because of that I might lose them. I have not done any custom setup as of now for my application. From reading through communities and AWS documentation I figured I can use a toll-free number from Amazon Pinpoint instead. It fits my requirement but there is no documentation of how to plug this toll-free number into the Cognito process. I have purchased a toll-free number but don't understand how to use it for sending the phone verification OTP. It would be great if someone could help me with this. Thanks.
Looking at the AWS documentation, you can use a Pre Sign-up Lambda Trigger. The pre sign-up Lambda function is triggered just before Amazon Cognito signs up a new user. It allows you to perform custom validation to accept or deny the registration request as part of the sign-up process. Because you can use a Lambda function, you can use custom logic within the Lambda function to meet your business requirements. This includes hooking into Pinpoint to achieve what you want to do. For more details:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html

How do I get the OTP send within AWS Cognito so that I can do my own manual checking?

I am happy with using AWS Cognito as a service for my Flutter application. However, now I realize that the AWS SNS service is really pricey for usage within my country (no free tier, and the price is significantly higher than in the West), hence I wanted to use another 3rd-party service which is cheaper to send any SMS to users. This will include phone number verification during signup, forgot password verification and other flows. I know that I can accomplish the phone number verification using the Lambda function. However, for the forgot password flow, the only way for me to change the password is by sending a request to AWS which includes the OTP and new password.
How can I accomplish this? Can I change the user password explicitly in AWS without going through the forgot_password flow in AWS (meaning I send my own OTP and check the OTP myself, then update the password), or how can I get the OTP generated by the forgot password flow and then send it through the 3rd-party SMS service?