Question
I am not sure how to set up the "EmailConfiguration" part of the serverless CloudFormation resource section. Does anyone have an example of how to do this? Any guidance would be much appreciated!
Here is my serverless.yml file.
    service: cognito-email-config
    provider:
      name: aws
      runtime: nodejs6.10
      region: us-east-1
    plugins:
      - serverless-stack-output
    custom:
      output:
        handler: serverless/output.handler
        file: outputs/stack.json
    functions:
      preSignUp:
        handler: serverless/preSignUp.handler
      postConfirmation:
        handler: serverless/postConfirmation.handler
    resources:
      Resources:
        SESRole:
          Type: "AWS::IAM::Role"
          Properties:
            AssumeRolePolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  Principal:
                    Service:
                      - "cognito-idp.amazonaws.com"
                  Action:
                    - "sts:AssumeRole"
            Policies:
              - PolicyName: "CognitoSESPolicy"
                PolicyDocument:
                  Version: "2012-10-17"
                  Statement:
                    - Effect: "Allow"
                      Action:
                        - "ses:SendEmail"
                        - "ses:SendRawEmail"
                      Resource: "*"
        CognitoUserPool:
          Type: "AWS::Cognito::UserPool"
          Properties:
            UserPoolName: ${env:COGNITO_USER_POOL}
            EmailConfiguration:
              ReplyToEmailAddress: admin@example.com
              SourceArn:
                Fn::GetAtt: [SESRole, Arn]
            AutoVerifiedAttributes:
              - phone_number
            MfaConfiguration: "OPTIONAL"
            SmsConfiguration:
              ExternalId: ${env:COGNITO_USER_POOL}-external
              SnsCallerArn:
                Fn::GetAtt: [SNSRole, Arn]
            Schema:
              - Name: name
                AttributeDataType: String
                Mutable: true
                Required: true
              - Name: email
                AttributeDataType: String
                Mutable: false
                Required: true
              - Name: phone_number
                AttributeDataType: String
                Mutable: false
                Required: true
After running that I get this error...
    Serverless: Deployment failed!
    Serverless Error ---------------------------------------
    An error occurred while provisioning your stack: CognitoUserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: f2b14a38-82a1-11e7-8ea0-eb271a42c298).
    Get Support --------------------------------------------
    Docs: docs.serverless.com
    Bugs: github.com/serverless/serverless/issues
    Forums: forum.serverless.com
    Chat: gitter.im/serverless/serverless
    Your Environment Information -----------------------------
    OS: linux
    Node Version: 8.2.1
    Serverless Version: 1.20.0
    ERROR: Job failed: exit code 1
I don't think I am using "SourceArn" of "EmailConfiguration" properly; I just copied the example from SNS to SES (using the gist below) hoping it would work.
Here is the AWS documentation reference for the resource that I need to set up: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration
This has helped me as a reference but doesn't show how to use SES: https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5
Answer 1:
I just went through the same ordeal and finally figured it out. AWS has horrible documentation on this. Sharing my experience to hopefully help you and/or others.
1.) You'll need to verify the email you want to send from in SES.
2.) Once you verify the email, you are able to click on it in the SES dashboard and see its Identity ARN (e.g., arn:aws:ses:us-west-2:MY-AWS-ACCOUNT-NUMBER:identity/admin@example.com). This Identity ARN is what you'll use in the CloudFormation above for SourceArn under EmailConfiguration.
3.) Once you click on the verified email in the SES dashboard, you'll have the option to set Identity Policies. Add this snippet there (replacing the Resource ARN below with the correct Identity ARN you grabbed from step 2):
    {
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "stmnt1234567891234",
          "Effect": "Allow",
          "Principal": {
            "Service": "cognito-idp.amazonaws.com"
          },
          "Action": [
            "ses:SendEmail",
            "ses:SendRawEmail"
          ],
          "Resource": "arn:aws:ses:us-west-2:<MY-AWS-ACCOUNT-NUMBER>:identity/admin@example.com"
        }
      ]
    }
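
A pre-deploy check for the two points in the answer above, as an added example that is not part of the original question or answer: `check_source_arn` rejects an IAM role ARN (the shape that `Fn::GetAtt: [SESRole, Arn]` resolves to) and accepts an SES identity ARN in the expected account, and `identity_policy` builds the step 3 policy. The account number, ARNs and function names are constructed for illustration; the `Condition` block goes beyond the answer's policy, and the check follows the answer's guidance, not a documented description of Cognito's own validation.

```python
import json
import re

# arn:<partition>:ses:<region>:<12-digit account>:identity/<email or domain>
SES_IDENTITY = re.compile(r"^arn:aws[\w-]*:ses:[a-z0-9-]+:(\d{12}):identity/.+$")


def check_source_arn(arn, account_id):
    """Return the reasons `arn` cannot serve as EmailConfiguration.SourceArn."""
    match = SES_IDENTITY.match(arn)
    if match is None:
        parts = arn.split(":")
        service = parts[2] if len(parts) >= 6 else "unknown"
        return [f"not an SES identity ARN (service field is '{service}')"]
    if match.group(1) != account_id:
        return [f"identity belongs to account {match.group(1)}, not {account_id}"]
    return []


def identity_policy(identity_arn, account_id, user_pool_arn):
    """Build the SES identity policy from step 3, limited to one account and pool."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCognitoToSend",
            "Effect": "Allow",
            "Principal": {"Service": "cognito-idp.amazonaws.com"},
            "Action": ["ses:SendEmail", "ses:SendRawEmail"],
            "Resource": identity_arn,
            # Added beyond the answer's policy: only this account's user pool
            # may use the identity through the Cognito service principal.
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnLike": {"aws:SourceArn": user_pool_arn},
            },
        }],
    }


# Constructed sample values (not taken from the page).
ACCOUNT = "111122223333"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/SESRole"  # shape of an IAM role ARN
IDENTITY_ARN = f"arn:aws:ses:us-east-1:{ACCOUNT}:identity/admin@example.com"
POOL_ARN = f"arn:aws:cognito-idp:us-east-1:{ACCOUNT}:userpool/us-east-1_EXAMPLE"

if __name__ == "__main__":
    for arn in (ROLE_ARN, IDENTITY_ARN):
        print(arn, "->", check_source_arn(arn, ACCOUNT) or "ok")
    print(json.dumps(identity_policy(IDENTITY_ARN, ACCOUNT, POOL_ARN), indent=2))
```
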
Source: https://stackoverflow.com/questions/45720046/how-do-i-setup-email-configuration-for-aws-cognito-user-pools