我试图确认用户发送确认电子邮件。 Cogntio要求我使用Sn设置的电子邮件。以下是我的模板。
当我使用无服务器进行部署时,我得到:
An error occurred: UserPool - Email arn does not belong to your account. (Service: AWSCognitoIdentityProvider; Status Code: 400; Error Code: NotAuthorizedException; Request ID: a4ce4fc2-020b-11e8-bc29-7ff8569f2cc7).
我做错了什么?
Resources:
SESRole:
Type: "AWS::IAM::Role"
Properties:
AssumeRolePolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: "Allow"
Principal:
Service:
- "cognito-idp.amazonaws.com"
Action:
- "sts:AssumeRole"
Policies:
- PolicyName: "CognitoSESPolicy"
PolicyDocument:
Version: "2008-10-17"
Statement:
- Effect: "Allow"
Sid: stmtXXXXXXX
Action:
- "ses:SendEmail"
- "ses:SendRawEmail"
Resource: "arn:aws:ses:eu-west-1:XXXXX:identity/XXXXXXX"
# Creates a user pool
UserPool:
Type: "AWS::Cognito::UserPool"
Properties:
UserPoolName: ${self:service}-user-pool
EmailConfiguration:
ReplyToEmailAddress: XXXXX
SourceArn:
Fn::GetAtt: [SESRole, Arn]
EmailVerificationSubject: "verification code"
EmailVerificationMessage: "Please click the link below to verify your email address. {####} "
Schema:
- Name: name
AttributeDataType: String
答案 0 :(得分:3)
在AWS SES Home中,单击已验证的电子邮件,然后单击“身份策略”。检查那里 是否存在Cognito-SES政策。如果不存在,请单击 CreatePolicy->自定义策略并粘贴以下代码:-
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "stmnt6857725459985",
"Effect": "Allow",
"Principal": {
"Service": "cognito-idp.amazonaws.com"
},
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Resource": "arn:aws:ses:Region:<ACCOUNT-ID>:identity/sample@example.com"
}
]
}
2。在CloudConfiguration模板中为EmailA下的SourceARN使用IdentityARN。
EmailConfiguration:
ReplyToEmailAddress: XXXXX
SourceArn:
"arn:aws:ses:Region:<ACCOUNT-ID>:identity/sample@example.com"