问题
Cognito's User Pool takes an email config that needs an ARN of a verified email. Can I use any email on a verified domain instead of a single verified email?
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html I am looking at this documentation, but I am not sure how to make a User pool with anything other than a "verified email" which is not automatable. the alternative that i would like is to automate the verification of a domain and then use any address from that that domain.
回答1:
We were able to accomplish this via the CLI. First, go to your verified domain in SES and add an Identity Policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"SES:SendRawEmail",
"SES:SendEmail"
],
"Resource": "arn:aws:ses:us-east-1:YOUR_ACCOUNT_ID:identity/MYCUSTOM.DOMAIN.COM" <- arn of your SES domain
}
]
}
Then create a json file on your local machine.
{
"SourceArn": "arn:aws:ses:us-east-1:"accountid":identity/MYCUSTOM.DOMAIN.COM",
"ReplyToEmailAddress": "no-reply@MYCUSTOM.DOMAIN.COM",
"EmailSendingAccount": "DEVELOPER",
"From": "no-reply@MYCUSTOM.DOMAIN.COM"
}
Finally run the cli command
aws cognito-idp update-user-pool --user-pool-id 'us-xxxx-X_XXXXXX' --region 'xx-xxxx-x' --email-configuration file://email.json
When this is done in the AWS console for your cognito pool you should see the ARN of the SES domain under the From email address ARN and you can specify whatever email you want in the from address field.
Note: You this is an existing pool in prod you may want to run the following command to get the email config to make sure you don't override any settings as noted in the update documentation https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html.
aws cognito-idp describe-user-pool --user-pool-id 'USER_POOL_ID' --region us-east-1
来源:https://stackoverflow.com/questions/60645748/can-a-cognito-user-pool-use-ses-with-a-verified-domain-and-not-a-verified-email