Configuring Cognito User Pool to send emails with SES at ap-southeast-2

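I have the following CloudFormation template (it is part of a serverless.yml template) to create a Cognito UserPool that sends emails using SES.

I am deploying my serverless project to ap-southeast-2, and I want to use the same region to send emails. I have already verified the account in the template with SES in ap-southeast-2, but if I replace the region in the SourceArn in the template below (last line) with ap-southeast-2 (or the serverless pseudo-variable #{AWS::Region}), I get an error: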

An error occurred: CognitoUserPool - Unable to send email message, please try again (Service: AWSCognitoIdentityProviderService; Status Code: 400; Error Code: InvalidParameterException; Request ID: ...).

When I replace the region with us-west-2 (as in the template below), it works. If ap-southeast-2 allows me to use SES in that region, why is it not supported?

  CognitoUserPool:
    Type: AWS::Cognito::UserPool
    Properties:
      # Generate a name based on the stage
      UserPoolName: ${self:provider.stage}-user-pool
      # Set email as an alias
      AutoVerifiedAttributes:
        - email
      # UsernameAttributes and AliasAttributes are mutually exclusive configuration options
      AliasAttributes: # instead of UsernameAttributes:
        - preferred_username
        - email
      UsernameConfiguration:
        CaseSensitive: false
      AccountRecoverySetting:
        RecoveryMechanisms:
          - Name: verified_email
            Priority: 1
      AdminCreateUserConfig:
        UnusedAccountValidityDays: 5
        AllowAdminCreateUserOnly: false
      Policies:
        PasswordPolicy:
          MinimumLength: 10
          RequireLowercase: true
          RequireNumbers: true
          RequireSymbols: true
          RequireUppercase: true
      Schema:
        - Name: membershipType
          Required: false
          Mutable: true
          AttributeDataType: String
      VerificationMessageTemplate:
        DefaultEmailOption: CONFIRM_WITH_LINK
        EmailMessageByLink: "Please click on the following link to verify: {##Verify Email##}"
        EmailSubjectByLink: Please confirm your registration 
      EmailConfiguration:
        EmailSendingAccount: DEVELOPER
        From: my@email.com
        ReplyToEmailAddress: my@email.com
        SourceArn: arn:aws:ses:us-west-2:#{AWS::AccountId}:identity/my@email.com

This feature is not supported in ap-southeast-2. Until AWS provides that support in new regions, there is not much that can be done.

From the docs:

Available regions for Amazon SES are US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, and Europe (Ireland) eu-west-1. Amazon SES doesn't support email receiving in the following Regions: Asia Pacific (Mumbai), Asia Pacific (Sydney), Canada (Central), Europe (Frankfurt), Europe (London), South America (São Paulo), and AWS GovCloud (US).
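A pre-deploy check for the situation described in the answer above, as an added example that is not part of the original thread or of any AWS tooling. The function name and the placeholder account id are assumptions, and the supported-region set is copied from the documentation quoted in the answer, so it may be out of date.

```python
import re

# Regions named in the documentation quoted in the answer above.
SUPPORTED_SES_REGIONS = {"us-east-1", "us-west-2", "eu-west-1"}


def resolve_pseudo_vars(arn, deploy_region):
    """Substitute Serverless '#{...}' / CloudFormation '${...}' pseudo-variables.

    This must happen before splitting on ':' because the variable names
    themselves contain '::'. The account id is a constructed placeholder.
    """
    arn = re.sub(r"[#$]\{AWS::Region\}", deploy_region, arn)
    return re.sub(r"[#$]\{AWS::AccountId\}", "000000000000", arn)


def check_email_configuration(email_cfg, deploy_region):
    """Return a list of problems in a UserPool EmailConfiguration mapping."""
    arn = email_cfg.get("SourceArn")
    if not arn:
        if email_cfg.get("EmailSendingAccount") == "DEVELOPER":
            return ["EmailSendingAccount is DEVELOPER but SourceArn is missing"]
        return []

    parts = resolve_pseudo_vars(arn, deploy_region).split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        return [f"SourceArn is not a well-formed ARN: {arn!r}"]
    _, _partition, service, region, _account, resource = parts

    problems = []
    if service != "ses":
        problems.append(f"SourceArn service is {service!r}, expected 'ses'")
    if not re.fullmatch(r"identity/.+", resource):
        problems.append(f"SourceArn resource is {resource!r}, expected 'identity/<name>'")
    if region not in SUPPORTED_SES_REGIONS:
        problems.append(
            f"SES identity region {region!r} is not in the supported set "
            f"{sorted(SUPPORTED_SES_REGIONS)}; the deployment would fail with "
            "InvalidParameterException"
        )
    return problems


if __name__ == "__main__":
    # EmailConfiguration from the question, with the pseudo-variable region.
    cfg = {
        "EmailSendingAccount": "DEVELOPER",
        "SourceArn": "arn:aws:ses:#{AWS::Region}:#{AWS::AccountId}:identity/my@email.com",
    }
    for problem in check_email_configuration(cfg, "ap-southeast-2"):
        print(problem)
```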

Did you verify the email address you want to send from in the SES console? Once it is verified, you will see the correct ARN to set.

I ran into another strange error. I had to remove the EmailConfiguration.From field. When I set this field, even to the same address as the verified email, it gave me a similar error.

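I have not tested this yet (though I am about to), but I don't see why you couldn't use a Lambda-based "custom email sender" to route through the Sydney region, following the instructions here: Configure Cognito to send emails through third party such as SendGrid the proper way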