I am not sure how to set up the "EmailConfiguration" part of the serverless cloudformation resource section. Does anyone have an example on how to do this? Any guidance would be much appreciated!
Here is my serverless.yml file.
service: cognito-email-config
provider:
  name: aws
  runtime: nodejs6.10
  region: us-east-1
plugins:
  - serverless-stack-output
custom:
  output:
    handler: serverless/output.handler
    file: outputs/stack.json
functions:
  preSignUp:
    handler: serverless/preSignUp.handler
  postConfirmation:
    handler: serverless/postConfirmation.handler
resources:
  Resources:
    SESRole:
      Type: "AWS::IAM::Role"
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Principal:
                Service:
                  - "cognito-idp.amazonaws.com"
              Action:
                - "sts:AssumeRole"
        Policies:
          - PolicyName: "CognitoSESPolicy"
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  Action:
                    - "ses:SendEmail"
                    - "ses:SendRawEmail"
                  Resource: "*"
    CognitoUserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: ${env:COGNITO_USER_POOL}
        EmailConfiguration:
          ReplyToEmailAddress: [email protected]
          SourceArn:
            Fn::GetAtt: [SESRole, Arn]
        AutoVerifiedAttributes:
          - phone_number
        MfaConfiguration: "OPTIONAL"
        SmsConfiguration:
          ExternalId: ${env:COGNITO_USER_POOL}-external
          SnsCallerArn:
            Fn::GetAtt: [SNSRole, Arn]
        Schema:
          - Name: name
            AttributeDataType: String
            Mutable: true
            Required: true
          - Name: email
            AttributeDataType: String
            Mutable: false
            Required: true
          - Name: phone_number
            AttributeDataType: String
            Mutable: false
            Required: true
After running that I get this error...
Serverless: Deployment failed!
Serverless Error ---------------------------------------
An error occurred while provisioning your stack: CognitoUserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: f2b14a38-82a1-11e7-8ea0-eb271a42c298).
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Forums: forum.serverless.com
Chat: gitter.im/serverless/serverless
Your Environment Information -----------------------------
OS: linux
Node Version: 8.2.1
Serverless Version: 1.20.0
ERROR: Job failed: exit code 1
I don't think I am using "SourceArn" of "EmailConfiguration" properly; I just copied the example from SNS to SES (using the gist below) hoping it would work.
Here is the AWS documentation reference for the resource that I need to set up: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration
This has helped me as a reference but doesn't show how to use SES: https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5
Amazon Cognito can automatically verify email addresses or phone numbers. To do this verification, Amazon Cognito sends a verification code or a verification link. For email addresses, Amazon Cognito can send a code or a link in an email message. For phone numbers, Amazon Cognito sends a code in an SMS text message.
1. Go to AWS Cognito service and click “Manage Identity Pools”.
2. Enter “Identity pool name”, expand the “Authentication providers” section and select “Cognito” tab. This is where the Cognito authentication provider will be registered with the Identity pool.
I just went through the same ordeal and finally figured it out. AWS has horrible documentation on this. Sharing my experience to hopefully help you and/or others.
1.) You'll need to verify the email you want to send from in SES.
2.) Once you verify the email, you are able to click on it in the SES dashboard and see its Identity ARN (e.g., arn:aws:ses:us-west-2:MY-AWS-ACCOUNT-NUMBER:identity/[email protected]). This Identity ARN is what you'll use in the CloudFormation above for SourceARN under EmailConfiguration.
3.) Once you click on the verified email in the SES dashboard, you'll have the option to set Identity Policies. Add this snippet there (replacing the Resource ARN below with the correct Identity ARN you grabbed from step 2):
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "stmnt1234567891234",
      "Effect": "Allow",
      "Principal": {
        "Service": "cognito-idp.amazonaws.com"
      },
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "arn:aws:ses:us-west-2:<MY-AWS-ACCOUNT-NUMBER>:identity/[email protected]"
    }
  ]
}
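The change this answer describes, applied to the question's CognitoUserPool resource, as an added example that is not code from either poster: SourceArn is built from the SES identity ARN format shown in step 2 instead of the IAM role's ARN. It assumes a hypothetical SES_FROM_ADDRESS environment variable holding the verified address, and that the address is verified in the same account and region as the stack.

```yaml
# Added example: fragment of serverless.yml, resources section only.
# SES_FROM_ADDRESS is a hypothetical environment variable (not in the original
# post) that holds the address verified in SES in step 1.
resources:
  Resources:
    CognitoUserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: ${env:COGNITO_USER_POOL}
        EmailConfiguration:
          ReplyToEmailAddress: ${env:SES_FROM_ADDRESS}
          # Before (from the question): the ARN of an IAM role. Cognito
          # rejected this with "Email arn does not belong to your account".
          #   SourceArn:
          #     Fn::GetAtt: [SESRole, Arn]
          #
          # After: the Identity ARN of the verified SES address, in the form
          # arn:aws:ses:<region>:<account-id>:identity/<address> from step 2.
          # Fn::Join is used rather than Fn::Sub so that the Serverless
          # Framework does not try to resolve ${AWS::Region} as one of its
          # own variables.
          SourceArn:
            Fn::Join:
              - ""
              - - "arn:aws:ses:"
                - Ref: "AWS::Region"      # assumes the identity is verified in the stack's region
                - ":"
                - Ref: "AWS::AccountId"   # the identity must belong to the deploying account
                - ":identity/"
                - ${env:SES_FROM_ADDRESS}
        # The remaining properties (AutoVerifiedAttributes, MfaConfiguration,
        # SmsConfiguration, Schema) stay as in the question.
```

The identity policy from step 3 is still attached to the verified address in SES; it scopes `ses:SendEmail` and `ses:SendRawEmail` to that single identity, whereas the role policy in the question allowed them on `Resource: "*"`.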