-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cognito user pools - support SES integration #6768
Comments
+1 |
Hi, I did some research I would like to share:
The default should be initiable with empty props: let sender = new DefaultSender({
replyTo?: "replyToAddress",
}); If the user wish to use cognito must specify all required fields let emailSender = new CognitoSender({
from: {
email: "testaddress@example.com",
name: "Test Address",
},
replyTo: "info@example.com"
sourceArn: "arn for source"
}); Finally, if the user wants to use SES the user can specify the optional configurationSet property. let emailSender = new SESSender({
configurationSet?: "String"
from: {
email: "testaddress@example.com",
name: "Test Address",
},
replyTo: "info@example.com"
sourceArn: "arn for source"
}); As you can see I propose to split the From property in two, allowing better check of correctness (and helping the user understand how to use the field. /**
* Represents the From field.
* If only email is set the output value should be the email address, otherwise
* the outcome should be `name <email>` (i.e. Test User `<testuser@acme.com>`)
*/
export interface FromEmailAddress {
/**
* The email for the From field.
*
* @example testuser@example.com
*/
readonly email: string
/**
* The optional sender's name
*
* @example Test User
*/
readonly name?: string
} To Do
I will start working soon on a PR. |
Edit: Since the ARN has always the structure Ideally, it should be possible to specify any "from" email, and, if unverified, |
Is there a reason why this issue is not marked as required for graduation in this overview? According to the Cognito limits that come with the default settings, maximum 50 emails can be sent per day, severely limiting the number of people that can use my service. Therefore, I think this is an important feature to have in the CDK. Is there currently a workaround for a UserPool that is configured using the CDK high level constructs to enable email sending via SES? Or is the only way to rewrite my stack using the lower level CloudFormation constructs for UserPool? |
@rinde The workaround is quite easy. Just change the const cfnUserPool = userPool.node.defaultChild as cognito.CfnUserPool;
cfnUserPool.emailConfiguration = {
emailSendingAccount: 'DEVELOPER',
from: `Someone from MyService <${fromEmailAddress}>`,
sourceArn: `arn:aws:ses:eu-west-1:${this.account}:identity/${fromEmailAddress}`, // SES integration is only available in us-east-1, us-west-2, eu-west-1
}; I agree that these SES configurations should be added to the CDK construct since almost every customer-facing app requires SES instead of Cognito's built-in email capabilities. Note that the sending email address ( |
I'd specifically like Pinpoint integration. If I've already got a Pinpoint app, I already have a MANAGED mechanism to send emails, texts, etc. I wouldn't want to create a new channel to support Cognito "just because". |
As far as I can tell, Pinpoint is an analytics system. This issue is regarding sending emails and integrating SES with user pools. Please open a separate issue, if you're interested in a different feature. |
I'll open a different issue, but Pinpoint isn't (specifically) an analytics system. It's an aggregation of all the messaging channels for SMS, Voice, Email, Push Notifications, Messaging campaigns, etc. It's closer to Mailchimp than it is anything specifically related to analytics. |
Is there any workaround for adding custom cloudformation include for ses support? I was learning cloudformation but when I found out about CDK then I abandoned cloudformation and completely forgot everything I learned about cloudformation. I am actually looking for excuse to actually finish learning cloudformation. But if I learned cloudformation then can I fill gaps of CDK? or I cannot override CDK code with custom cloudformation? |
@asterikx Your workaround only works if you use TypeScript as far as I can see? I don't see how you can do the same thing from Python. |
@wichert Please check the docs on Escape Hatches for how to modify the CFN layer in other CDK languages. :) |
Hello. I've tried using @asterikx 's workaround, but it seems to require one of the following regions: Is there another workaround? I'm working with the latest version of CDK, and don't know about Cloudformation (yet). Cheers. |
@Elegie While SES is available in many regions, Cognito integration with SES is only supported in The English docs state:
The German docs has additional information:
So, I guess, you will need to use one of |
@Elegie Unless you're restricted by some other policy, you can set up a sender identity in one of those supported regions and use it from a user pool in a different region. But, you'll need to make sure you have SES production access in the SES region. Here's what I've done in my case - my user pool is in |
Hi @misterjoshua and @asterikx , thanks for your comments. I have access to all regions in my context, so have set up Cognito and SES as you two suggested. I could not test it yet, but given that it was correctly provisioned by Cloudformation I'm rather confident it'll work. I think it's a very reasonable solution. Cheers. |
👍 |
@misterjoshua I have attempted to use the workaround from @asterikx using your advice. My from-address is in I am getting the following error when I
My from-address is not yet enabled for production sending, but I would not expect that to lead to this error. The portion of my code in let cfnUserPool;
if (props?.sesVerificationConfig) {
cfnUserPool = userPool.node.defaultChild as cognito.CfnUserPool;
cfnUserPool.emailConfiguration = {
emailSendingAccount: "DEVELOPER",
from: `Mad Liberation Verification <${props?.sesVerificationConfig?.fromAddress}>`,
sourceArn:
// SES integration is only available in us-east-1, us-west-2, eu-west-1
`arn:aws:ses:${props?.sesVerificationConfig?.fromRegion}` +
`:${this.account}:identity/` +
`${props?.sesVerificationConfig?.fromAddress}`,
};
}
@misterjoshua, @asterikx, or others, any insight into how I might resolve this error would be greatly appreciated. |
@douglasnaphas Haha. This problem is a little slippery. I did manage to get something to deploy in new cognito.CfnUserPool(this, 'UserPool', {
emailConfiguration: {
emailSendingAccount: 'DEVELOPER',
// Verified email address instead of domain sender identity.
sourceArn: 'arn:aws:ses:us-west-1:11111111111111:identity/xxxx@xxxxxxxxx.com',
from: 'My email <xxxx@xxxxxxxxx.com>',
},
}); This is what it's looking like in the user pool in us-west-1: |
I am trying to specify SES configuration in CDK in C#.NET.
But, I get the following error:
Please help. Also, my REGION is ap-south-1. The verified email Arn is arn:aws:ses:{this.Region}:{this.Account}:identity/{support_email} Should I be verifying the email address with SES in one of the SES integration supported regions (say us-west-2) in addition to verifying it in ap-south-1 and use the ARN of the us-west-2 verified address? |
I figured it out. I used the Amazon.CDK.AWS.Cognito.CfnUserPool.EmailConfigurationProperty type.
Also, note the sesRegion coded to use a supported SES region. |
+1 |
1 similar comment
+1 |
+1 |
+1 |
+1 |
3 similar comments
+1 |
+1 |
+1 |
+1 |
6 similar comments
+1 |
+1 |
+1 |
+1 |
+1 |
+1 |
+1 |
add support for SES integration by introducing a new property for configuring email settings for a user pool. This feature supports both types of integration with SES. 1. Using the COGNITO_DEFAULT sending account, but providing a custom email address 2. Using the DEVELOPER sending account This feature does not automate any configuration on SES since that is not currently possible with CloudFormation and requires a manual verification step. To use the SES integration introduced in this feature the user will have had to already configured a verified email address in Amazon SES and followed the steps outlined here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html closes #6768 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
add support for SES integration by introducing a new property for configuring email settings for a user pool. This feature supports both types of integration with SES. 1. Using the COGNITO_DEFAULT sending account, but providing a custom email address 2. Using the DEVELOPER sending account This feature does not automate any configuration on SES since that is not currently possible with CloudFormation and requires a manual verification step. To use the SES integration introduced in this feature the user will have had to already configured a verified email address in Amazon SES and followed the steps outlined here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html closes aws#6768 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
add support for SES integration by introducing a new property for configuring email settings for a user pool. This feature supports both types of integration with SES. 1. Using the COGNITO_DEFAULT sending account, but providing a custom email address 2. Using the DEVELOPER sending account This feature does not automate any configuration on SES since that is not currently possible with CloudFormation and requires a manual verification step. To use the SES integration introduced in this feature the user will have had to already configured a verified email address in Amazon SES and followed the steps outlined here: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html closes aws#6768 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
AWS Docs to the feature: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html#user-pool-email-developer
CloudFormation properties: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: