CODEWITHSUNDEEP
amazon-web-servicesamazon-cognitoamazon-ses
sam
sam

Reputation: 2579

Cognito FROM email address ARN not appearing for SES

I have a domain registered with AWS Route 53 and I am using AWS Cognito for handling user registration.

I am trying to configure my User Pool to use SES to send verification emails instead of Cognito. I have verified my domain in Route 53 and added a MAIL FROM Domain which is in 'verified' status.

In Cognito, when I select 'Message customizations' in the left panel of the User Pool configuration and select the 'FROM email address ARN' dropdown, it only shows 'Default'. I have selected the SES Region where my domain is registered.

What else do I need to do to populate this so I can set my 'FROM email address'?

Thanks

Upvotes: 15

Views: 7991

Answers (6)

tonkatata
tonkatata

Reputation: 509

I solved it for the new AWS Console UI, which was updated a couple of days ago I believe.

Here's what I did.

STEP 1

In SES, I went back to the old UI. When you go to your verified domain settings, you should see a TXT-type DNS record which according to the new docs you don't need. However, I added it by clicking on the Use Route 53 button. It's very handy. If you don't see the button then you should already have that TXT record in your Route 53 already. Go there and make sure that's the case. If not, just add it manually.

Finally, I went to Cognito again but switched to the old UI. There, in the Message customizations menu I can see a SES ARN value in the FROM email address ARN *.

STEP 2

Initially, under the Messaging tab in the Email section in the new UI, I have set only the FROM email address field, which is a selectable option from the dropdown menu.

In my case, I have a verified whole domain, not a single email address.

In order to solve it, I went to the Messaging tab in the Email section in the new UI and also set values for both FROM sender name - optional and REPLY-TO email address - optional. I was not having those two initially. Of course, the emails you set there have to be valid under the domain you have verified.

Here's how it should look like, given your verified domain is example.com: enter image description here

(spent 3 days reading Cognito and SES documentation trying to figure out what to do and where, also some experimenting and reading AWS forums helped by giving me some clues along the way 🤦‍♂️)

Upvotes: 13

Gaurav Sharma
Gaurav Sharma

Reputation: 2203

  1. Make sure you are using the new console.
  2. Make sure your <your-domain>.com is in the verified domains list and is verified too.
  3. Make sure your email@<your-domain>.com is in the verifier domains list and is verified too.
  4. User Pools > Messaging > Edit email configs > Send emails with SES
  5. Make sure you select the valid SES region in which you have verified your entities.
  6. Select the domain name <your-domain>.com in FROM email address.
  7. Add your verified email email@<your-domain>.com in FROM sender name and REPLY TO email address.
  8. Save

Upvotes: 0

Вячеслав
Вячеслав

Reputation: 31

Was solved by switching to new interface from old. You could add verified domain and then mail from

Upvotes: 2

Tomasz Czechowski
Tomasz Czechowski

Reputation: 641

I was able to achieve this by switching to the new console. The old one does not work in such case.

Upvotes: 0

subzero79
subzero79

Reputation: 1

You need to use the boto3 python library to setup the "from ARN" for the cognito pool. Nowhere in the docs says you have to do it like that, but i found this tip in a forum some time ago looking for the same answer.

Cognito only allows three regions for cognito to use SES. If your pool is not in one of those you cannot match them, and shouldn't need to relocate the pool just for that. Regardless of region matching seems like is impossible to select from drop down.

Here is the script i used sanitized

import boto3
from pprint import pprint
client = boto3.client("cognito-idp")
import json



pool_id = 'ap-southeast-2_dsfvbGuHU'

pool_config = dict(
    UserPoolId=pool_id,
    EmailConfiguration={
        "SourceArn": "arn:aws:ses:us-west-2:421412422035:identity/example.com",
        "ReplyToEmailAddress": "[email protected]",
        "EmailSendingAccount": "DEVELOPER",
        "From": "[email protected]",
    },
    AutoVerifiedAttributes=["email"],
    VerificationMessageTemplate={
        "SmsMessage": "Your verification code is {####}. ",
        "EmailMessage": "Your verification code is {####}. ",
        "EmailSubject": "Your verification code",
        "EmailMessageByLink": "Please click the link below to verify your email address. {##Verify Email##} ",
        "EmailSubjectByLink": "Your verification link",
        "DefaultEmailOption": "CONFIRM_WITH_CODE",
    },
    LambdaConfig={
        "CustomMessage": "arn:aws:lambda:ap-southeast-2:421084812035:function:sls-repo-dev-cognito-message-service",
        "PostAuthentication": "arn:aws:lambda:ap-southeast-2:421084812035:function:sls-repo-dev-cognito-post-auth-service",
        "PostConfirmation": "arn:aws:lambda:ap-southeast-2:421084812035:function:sls-repo-dev-cognito-post-confirmation-service",
        "PreTokenGeneration": "arn:aws:lambda:ap-southeast-2:421084812035:function:sls-repo-dev-cognito-pretoken-gen-service",
    },
)

res = client.update_user_pool(**pool_config)

response = client.describe_user_pool(UserPoolId=pool_id)

pprint(response)

be careful with the script because it might override some of your settings. You can comment and print your existing configuration so you can replicate the settings. Don't forget you need aws CLI credentials to run this

Upvotes: 0

Chai n Brew
Chai n Brew

Reputation: 26

I was having a similar issue. Have you checked that your SES setup and Cognito setup are in the same region?

For example: Make sure that your SES account is set up in "us-east-1". Then create AWS Cognito User Pool or Identity Pool in "us-east-1" as well.

Make sure to refresh the Cognito page once you know that all the artifacts are in the same region.

Upvotes: 0

Related Questions