如何为aws认知用户池设置电子邮件配置？

Question

我不知道如何设置无服务器的cloudformation资源部分的“EmailConfiguration”部分。有没有人有如何做到这一点的例子？任何指导将非常感谢！

这是我的serverless.yml文件。

service: cognito-email-config 
provider: 
    name: aws 
    runtime: nodejs6.10 
    region: us-east-1 

plugins: 
    - serverless-stack-output 

custom: 
    output: 
    handler: serverless/output.handler 
    file: outputs/stack.json 

functions: 
    preSignUp: 
    handler: serverless/preSignUp.handler 
    postConfirmation: 
    handler: serverless/postConfirmation.handler 

resources: 
    Resources: 
    SESRole: 
     Type: "AWS::IAM::Role" 
     Properties: 
     AssumeRolePolicyDocument: 
      Version: "2012-10-17" 
      Statement: 
      - Effect: "Allow" 
       Principal: 
       Service: 
        - "cognito-idp.amazonaws.com" 
       Action: 
       - "sts:AssumeRole" 
     Policies: 
      - PolicyName: "CognitoSESPolicy" 
      PolicyDocument: 
       Version: "2012-10-17" 
       Statement: 
       - Effect: "Allow" 
        Action: 
        - "ses:SendEmail" 
        - "ses:SendRawEmail" 
        Resource: "*" 
    CognitoUserPool: 
     Type: "AWS::Cognito::UserPool" 
     Properties: 
     UserPoolName: ${env:COGNITO_USER_POOL} 
     EmailConfiguration: 
      ReplyToEmailAddress: admin@example.com 
      SourceArn: 
      Fn::GetAtt: [SESRole, Arn] 
     AutoVerifiedAttributes: 
      - phone_number 
     MfaConfiguration: "OPTIONAL" 
     SmsConfiguration: 
      ExternalId: ${env:COGNITO_USER_POOL}-external 
      SnsCallerArn: 
      Fn::GetAtt: [SNSRole, Arn] 
     Schema: 
      - Name: name 
      AttributeDataType: String 
      Mutable: true 
      Required: true 
      - Name: email 
      AttributeDataType: String 
      Mutable: false 
      Required: true 
      - Name: phone_number 
      AttributeDataType: String 
      Mutable: false 
      Required: true 

运行我得到这个错误后

...

Serverless: Deployment failed! 

    Serverless Error --------------------------------------- 

    An error occurred while provisioning your stack: CognitoUserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: f2b14a38-82a1-11e7-8ea0-eb271a42c298). 

    Get Support -------------------------------------------- 
    Docs:   docs.serverless.com 
    Bugs:   github.com/serverless/serverless/issues 
    Forums:  forum.serverless.com 
    Chat:   gitter.im/serverless/serverless 

    Your Environment Information ----------------------------- 
    OS:      linux 
    Node Version:   8.2.1 
    Serverless Version:  1.20.0 

ERROR: Job failed: exit code 1 

我不认为我使用 “EmailConfiguration” 正确的 “SourceArn”;我只是将这个例子从SNS复制到SES（使用下面的要点），希望它能起作用。

这里是我需要建立资源AWS文档参考： http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration

这有助于我作为一个参考，但并没有说明如何使用SES： https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5

Answer 1

我刚刚经历了同样的考验，终于搞清楚了。 AWS有这个可怕的文档。分享我的经验，希望能帮助你和/或其他人。

1.）您需要验证您想要在SES中发送的电子邮件。 2.）一旦您验证了电子邮件，您可以在SES仪表板中单击它并查看它的身份ARN（例如，arn：aws：ses：us-west-2：MY-AWS-ACCOUNT- NUMBER：identity/admin@example.com）。这个Identity ARN是您在EmailConfiguration下的SourceARN上面的CloudFormation中使用的。

3.）一旦您在SES仪表板中点击验证的电子邮件，您将可以选择设置身份策略。在那里添加此片段（用步骤2中所取的正确Identity ARN替换下面的Resource ARN）：

{ 
    "Version": "2008-10-17", 
    "Statement": [ 
     { 
      "Sid": "stmnt1234567891234", 
      "Effect": "Allow", 
      "Principal": { 
       "Service": "cognito-idp.amazonaws.com" 
      }, 
      "Action": [ 
       "ses:SendEmail", 
       "ses:SendRawEmail" 
      ], 
      "Resource": "arn:aws:ses:us-west-2:<MY-AWS-ACCOUNT-NUMBER>:identity/admin@example.com" 
     } 
    ] 
}