I have tried to invoke the custom message function to send emails through SendGrid. It worked, but I don't have a way to stop AWS from sending their own emails. I have tried to set the messageAction to "SUPPRESS", but another problem arises. There is no such support for self-registration, since messageAction is only for the adminCreateUser function. Did I miss something or am I not doing this properly?
Custom Sender Lambda Triggers are the way to use 3rd party notification service providers.
Cognito docs are lacking at the moment (steps are missing, Lambda code has to be fixed after copying from the example, no instructions on how to deploy with CloudFormation, ...).
High level overview of the steps:
- Create a symmetric KMS key.
- Create a Lambda function. Grant Lambda permission to kms:Decrypt the key. Pass the key ARN as the environment variable.
- Create a User Pool and a User Pool Client. For the pool, configure LambdaConfig providing Lambda and KMS Key ARNs.
- In the code, decrypt the notification code using the key passed in the env variables.
- Send the notification code using the 3rd party (e.g. Twilio Sendgrid) API.
Tooling (as of March 2021):
- Cognito Console does not support new triggers
- AWS CLI supports new triggers
- CloudFormation docs say triggers are not supported, but in reality it works
- Terraform does not support setting new triggers yet (there's a workaround)
I've blogged about the process of setting up the Custom Email Lambda Trigger with CloudFormation and Terraform: Send AWS Cognito emails with 3rd party ESPs.
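The decrypt-and-send steps from the overview above, as an added Python example that is not code from the answer or from the AWS docs. It assumes the code Cognito passes is base64-encoded AWS Encryption SDK ciphertext; the env variable names KEY_ARN, SENDGRID_API_KEY and FROM_ADDRESS, the subject lines and the message body are hypothetical.

```python
import base64
import json
import os
import urllib.request

# Custom email sender trigger sources handled here; others are skipped.
SUBJECTS = {
    "CustomEmailSender_SignUp": "Confirm your account",
    "CustomEmailSender_ResendCode": "Your confirmation code",
    "CustomEmailSender_ForgotPassword": "Reset your password",
}

def kms_decrypt(ciphertext):
    """Decrypt Cognito's code with the AWS Encryption SDK (KEY_ARN: assumed env name)."""
    import aws_encryption_sdk  # lazy import: only present in the Lambda package
    client = aws_encryption_sdk.EncryptionSDKClient(
        commitment_policy=aws_encryption_sdk.CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT)
    provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(
        key_ids=[os.environ["KEY_ARN"]])
    plaintext, _header = client.decrypt(source=ciphertext, key_provider=provider)
    return plaintext.decode()

def sendgrid_send(to_addr, subject, body):
    """POST to SendGrid's v3 mail API (SENDGRID_API_KEY, FROM_ADDRESS: assumed env names)."""
    payload = {
        "personalizations": [{"to": [{"email": to_addr}]}],
        "from": {"email": os.environ["FROM_ADDRESS"]},
        "subject": subject,
        "content": [{"type": "text/plain", "value": body}],
    }
    req = urllib.request.Request(
        "https://api.sendgrid.com/v3/mail/send",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Bearer " + os.environ["SENDGRID_API_KEY"],
                 "Content-Type": "application/json"})
    urllib.request.urlopen(req, timeout=5)

def handler(event, context, decrypt=kms_decrypt, send=sendgrid_send):
    source = event.get("triggerSource", "")
    subject = SUBJECTS.get(source)
    if subject is None:
        print(json.dumps({"skipped": source}))  # no template: send nothing
        return event
    # request.code is base64 text wrapping the Encryption SDK ciphertext.
    code = decrypt(base64.b64decode(event["request"]["code"]))
    send(event["request"]["userAttributes"]["email"], subject, f"Your code is {code}")
    print(json.dumps({"sent": source}))  # log the trigger, never the code
    return event
```

The `decrypt` and `send` parameters exist so the handler can be exercised locally with stand-ins; Lambda itself calls `handler(event, context)` and gets the KMS and SendGrid defaults.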
It seems that now Cognito is starting to support this.
Cognito provides two Lambda triggers, CustomEmailSender and CustomSMSSender, to enable third-party email and SMS notifications.
Cognito recently started supporting sending emails via a third party. You will have to do this via a Lambda, so here are the steps:
- Create a Lambda which will call your email provider to send the email/pass the data.
- Give kinesis permissions to the Lambda function role that you created.
- Create a symmetric KMS key.
- Add the Lambda function role to the key's list of users.
- Add KEY_ID and KEY_ALIAS to the Lambda, preferably as env variables.
- Give permission to the Lambda function to invoke Cognito using the CLI:
aws lambda add-permission --function-name YOURLAMBDAARN --statement-id "CognitoLambdaInvokeAccess" --action lambda:InvokeFunction --principal cognito-idp.amazonaws.com
- Set up your Cognito. This will reset Cognito settings, so have a look at what was enabled first:
aws cognito-idp update-user-pool --user-pool-id yourpoolid --lambda-config PreSignUp="oranyofyourtriggers",CustomEmailSender="{LambdaVersion="V1_0",LambdaArn="yourlambdaarn"}",KMSKeyID="yourkeyarn"
The above command will have reset Cognito, so all the triggers, if any, that were being used previously will have to be set now. In MFA and verifications, under which attributes to verify, select email (and the SMS settings, and give a role if that was used previously) and save those changes.