我不确定如何设置无服务器云形成资源部分的"电子邮件配置"部分。有没有人有关于如何做到这一点的例子?任何指导将不胜感激!
这是我的无服务器.yml文件。
service: cognito-email-config
provider:
name: aws
runtime: nodejs6.10
region: us-east-1
plugins:
- serverless-stack-output
custom:
output:
handler: serverless/output.handler
file: outputs/stack.json
functions:
preSignUp:
handler: serverless/preSignUp.handler
postConfirmation:
handler: serverless/postConfirmation.handler
resources:
Resources:
SESRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Principal:
Service:
- "cognito-idp.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
- PolicyName: "CognitoSESPolicy"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "ses:SendEmail"
- "ses:SendRawEmail"
Resource: "*"
CognitoUserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: ${env:COGNITO_USER_POOL}
EmailConfiguration:
ReplyToEmailAddress: admin@example.com
SourceArn:
Fn::GetAtt: [SESRole, Arn]
AutoVerifiedAttributes:
- phone_number
MfaConfiguration: "OPTIONAL"
SmsConfiguration:
ExternalId: ${env:COGNITO_USER_POOL}-external
SnsCallerArn:
Fn::GetAtt: [SNSRole, Arn]
Schema:
- Name: name
AttributeDataType: String
Mutable: true
Required: true
- Name: email
AttributeDataType: String
Mutable: false
Required: true
- Name: phone_number
AttributeDataType: String
Mutable: false
Required: true
运行后,我收到此错误...
Serverless: Deployment failed!
Serverless Error ---------------------------------------
An error occurred while provisioning your stack: CognitoUserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: f2b14a38-82a1-11e7-8ea0-eb271a42c298).
Get Support --------------------------------------------
Docs: docs.serverless.com
Bugs: github.com/serverless/serverless/issues
Forums: forum.serverless.com
Chat: gitter.im/serverless/serverless
Your Environment Information -----------------------------
OS: linux
Node Version: 8.2.1
Serverless Version: 1.20.0
ERROR: Job failed: exit code 1
我认为我没有正确使用"电子邮件配置"的"SourceArn";我只是将示例从 SNS 复制到 SES(使用下面的要点(,希望它能起作用。
以下是我需要设置的资源的 aws 文档参考: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html#cfn-cognito-userpool-emailconfiguration
这对我有帮助作为参考,但没有显示如何使用 SES: https://gist.github.com/singledigit/2c4d7232fa96d9e98a3de89cf6ebe7a5
我只是经历了同样的磨难,终于想通了。AWS有关于此的可怕文档。分享我的经验,希望对您和/或其他人有所帮助。
1.( 您需要在 SES 中验证要发送的电子邮件。
2.( 验证电子邮件后,您可以在 SES 控制面板中单击它并查看其身份 ARN(例如,arn:aws:ses:us-west-2:MY-AWS-ACCOUNT-NUMBER:identity/admin@example.com(。此身份 ARN 是您将在上面的 CloudFormation 中用于电子邮件配置下的 SourceARN 的 ARN 身份 ARN。
3.( 单击SES仪表板中已验证的电子邮件后,您可以选择设置身份策略。在此处添加此代码段(将下面的资源 ARN 替换为您在步骤 2 中获取的正确身份 ARN(:
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "stmnt1234567891234",
"Effect": "Allow",
"Principal": {
"Service": "cognito-idp.amazonaws.com"
},
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "arn:aws:ses:us-west-2:<MY-AWS-ACCOUNT-NUMBER>:identity/admin@example.com"
}
]
}