Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Steps to Customize email Verification code and sending address per user

0

I want to customize both verification code and sender email per each new user in my Cognito user pool, want to Send code using SES ,want to know which lambda trigger to use and lambda event request and response parameters. Summarized Steps.

What I Want to do

  1. Get user Name
  2. Connect to database
  3. Select Sending address based on user attributes from database
  4. Set sending email address
  5. Send Verification code from that email using SES.
  6. keep users email as it is
  7. Verify Code.

To Implement this Flow what steps should I follow.

Topics
ServerlessComputeSecurity, Identity, & Compliance
Tags
Amazon CognitoAWS Lambda
Language
English
asked 10 months ago314 views
1 Answer
-1

To customize email verification code and sending address per user in your Amazon Cognito user pool using SES, you'll need to implement a Custom Email Sender Lambda trigger. Here are the steps to implement your flow:

  1. First, set up your Amazon SES configuration:
  • Verify your email addresses or domain with Amazon SES
  • Move out of the SES sandbox if needed for production use
  • Create appropriate sending authorization policies
  1. Configure your user pool email settings:
  • In the Amazon Cognito console, go to your user pool
  • Navigate to "Authentication methods" menu
  • Locate "Email configuration" and choose "Edit"
  • Select "Send email from Amazon SES" option
  • Configure your SES Region and other settings
  1. Create a Custom Email Sender Lambda function:
  • Create a new Lambda function that will handle the email customization
  • The function will receive event data including user attributes and code
  • Implement your logic to:
  • Extract the username from the event
  • Connect to your database
  • Select the appropriate sending address based on user attributes
  • Use the AWS SDK to send the email via SES with your custom FROM address
  • Include the verification code in the email (available in the encrypted code parameter)
  1. Configure the Lambda trigger:
  • In the Amazon Cognito console, go to your user pool
  • Navigate to the "User pool properties" section
  • Under "Lambda triggers", add your function as a "Custom email sender" trigger

Your Lambda function will receive parameters including:

  • triggerSource: Identifies the event type (e.g., "CustomEmailSender_SignUp" for verification during sign-up)
  • request.userAttributes: Contains user attributes including email
  • request.code: Contains the encrypted verification code
  • request.clientMetadata: Any custom metadata provided during sign-up

The function must decrypt the code and handle sending the email via SES. You'll need to return the event object back to Amazon Cognito when complete.

Note that the verification code is valid for 24 hours, and your custom function is responsible for all email delivery from your user pool. The maximum length for verification messages is 20,000 UTF-8 characters, and you can include HTML formatting in your emails.
Sources
Configuring MFA, authentication, verification and invitation messages - Amazon Cognito
Email settings for Amazon Cognito user pools - Amazon Cognito
Custom email sender Lambda trigger - Amazon Cognito

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content