amazon-web-services - How do I set up the email configuration for an AWS Cognito user pool?

Tags: amazon-web-services serverless-framework aws-cognito

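I'm not sure how to set up the "EmailConfiguration" part of the resources section of a Serverless CloudFormation template. Does anyone have an example of how to do this? Any guidance would be greatly appreciated!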

Here is my serverless.yml file.

service: cognito-email-config
provider:
  name: aws
  runtime: nodejs6.10
  region: us-east-1

plugins:
  - serverless-stack-output

custom:
  output:
    handler: serverless/output.handler
    file: outputs/stack.json

functions:
  preSignUp:
    handler: serverless/preSignUp.handler
  postConfirmation:
    handler: serverless/postConfirmation.handler

resources:
  Resources:
    SESRole:
      Type: "AWS::IAM::Role"
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: "Allow"
              Principal:
                Service:
                  - "cognito-idp.amazonaws.com"
              Action:
                - "sts:AssumeRole"
        Policies:
          - PolicyName: "CognitoSESPolicy"
            PolicyDocument:
              Version: "2012-10-17"
              Statement:
                - Effect: "Allow"
                  Action:
                    - "ses:SendEmail"
                    - "ses:SendRawEmail"
                  Resource: "*"
    CognitoUserPool:
      Type: "AWS::Cognito::UserPool"
      Properties:
        UserPoolName: ${env:COGNITO_USER_POOL}
        EmailConfiguration:
          ReplyToEmailAddress: admin@example.com
          SourceArn:
            Fn::GetAtt: [SESRole, Arn]
        AutoVerifiedAttributes:
          - phone_number
        MfaConfiguration: "OPTIONAL"
        SmsConfiguration:
          ExternalId: ${env:COGNITO_USER_POOL}-external
          SnsCallerArn:
            Fn::GetAtt: [SNSRole, Arn]
        Schema:
          - Name: name
            AttributeDataType: String
            Mutable: true
            Required: true
          - Name: email
            AttributeDataType: String
            Mutable: false
            Required: true
          - Name: phone_number
            AttributeDataType: String
            Mutable: false
            Required: true

After running it, I get this error...
Serverless: Deployment failed!

  Serverless Error ---------------------------------------

  An error occurred while provisioning your stack: CognitoUserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: f2b14a38-82a1-11e7-8ea0-eb271a42c298).

  Get Support --------------------------------------------
     Docs:          docs.serverless.com
     Bugs:          github.com/serverless/serverless/issues
     Forums:        forum.serverless.com
     Chat:          gitter.im/serverless/serverless

  Your Environment Information -----------------------------
     OS:                     linux
     Node Version:           8.2.1
     Serverless Version:     1.20.0

ERROR: Job failed: exit code 1

I don't think I'm using the "SourceArn" of "EmailConfiguration" correctly; I just copied the example from SNS to SES (using the gist below), hoping it would work.

Here is the AWS documentation reference for the resource I need to set up:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration

This helped me as a reference, but it doesn't explain how to use SES:
https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5

Best answer

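I just went through the same ordeal and finally figured it out. AWS has terrible documentation on this. Sharing my experience in the hope that it helps you and/or others.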

1.) You need to verify the email address you want to send from in SES.

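2.) Once the email is verified, you can click on it in the SES dashboard and see its Identity ARN (e.g., arn:aws:ses:us-west-2:MY-AWS-ACCOUNT-NUMBER:identity/admin@example.com). This Identity ARN is what you will use in the CloudFormation above for SourceARN under EmailConfiguration.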

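3.) After clicking on the verified email in the SES dashboard, you will have the option to set an identity policy. Add this snippet there (replace the resource ARN below with the correct Identity ARN you got from step 2):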

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "stmnt1234567891234",
            "Effect": "Allow",
            "Principal": {
                "Service": "cognito-idp.amazonaws.com"
            },
            "Action": [
                "ses:SendEmail",
                "ses:SendRawEmail"
            ],
            "Resource": "arn:aws:ses:us-west-2:<MY-AWS-ACCOUNT-NUMBER>:identity/admin@example.com"
        }
    ]
}
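
The following pre-deploy check is an added example, not part of the original question or answer. It tests whether an EmailConfiguration SourceArn is an SES identity ARN in the expected account (the question's template passes an IAM role ARN instead) and whether an identity policy like the one above grants Cognito the send actions on exactly that identity. The function names and the account ID 123456789012 are constructed placeholders.

```python
import re

# SES identity ARN: arn:aws:ses:<region>:<12-digit account>:identity/<email or domain>
SES_IDENTITY_ARN = re.compile(r"^arn:aws:ses:[a-z0-9-]+:(\d{12}):identity/.+$")
COGNITO = "cognito-idp.amazonaws.com"
NEEDED_ACTIONS = {"ses:SendEmail", "ses:SendRawEmail"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_source_arn(source_arn, account_id):
    """Return a list of problems with EmailConfiguration.SourceArn (empty = OK)."""
    if not isinstance(source_arn, str):
        # An unresolved intrinsic such as Fn::GetAtt [SESRole, Arn] yields a role ARN.
        return ["SourceArn is not a literal ARN; resolve it before checking"]
    match = SES_IDENTITY_ARN.match(source_arn)
    if not match:
        return ["SourceArn is not an SES identity ARN"]
    if match.group(1) != account_id:
        return ["SES identity belongs to a different account"]
    return []

def policy_allows_cognito(policy, identity_arn):
    """True if an Allow statement lets Cognito send from exactly identity_arn (no wildcard expansion)."""
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and COGNITO in services
                and NEEDED_ACTIONS <= set(as_list(stmt.get("Action", [])))
                and identity_arn in as_list(stmt.get("Resource", []))):
            return True
    return False

# Constructed sample values (placeholder account ID, not from the page).
ACCOUNT = "123456789012"
IDENTITY_ARN = f"arn:aws:ses:us-west-2:{ACCOUNT}:identity/admin@example.com"
IDENTITY_POLICY = {
    "Version": "2008-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": COGNITO},
        "Action": ["ses:SendEmail", "ses:SendRawEmail"],
        "Resource": IDENTITY_ARN,
    }],
}

if __name__ == "__main__":
    print(check_source_arn({"Fn::GetAtt": ["SESRole", "Arn"]}, ACCOUNT))
    print(check_source_arn(IDENTITY_ARN, ACCOUNT), policy_allows_cognito(IDENTITY_POLICY, IDENTITY_ARN))
```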

Regarding "amazon-web-services - How do I set up the email configuration for an AWS Cognito user pool?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45720046/
