
AWS Cognito Verified Identity Issue

2

Hello, my team successfully created a unique email to send to users on verification for a newly signed up Cognito user in a Cognito User Pool. We had the system working by verifying an email address, "example@example.com". A developer then verified the domain "example.com", and then deleted the example@example.com verification in the hopes of using subdomains in the future.

However, this failed with the message: "Email address not verified for arn:aws:ses:us-east-1-XXXXXXXXX:identity/example@example.com".

Although I have added the email address back into the SES verified configuration, we are still getting the error message. It is also no longer showing up in the dropdown box for Cognito ID.

This is clearly something getting set wrong because we added the domain, added the email, then deleted the email from the verified email list in US-Va-1. I do not want to pay for support when this is clearly Amazon's internal configuration issue. I've tried creating a new User Pool, but that did not work.

How do I go about resetting this email address so that it is recognized as verified by Cognito again? Once again, it is currently a verified address in US-East-1 according to SES and we are unsandboxed at this time, but Cognito cannot recognize that the verified address is actually verified.

1 Answer
0

Not to Necro this discussion thread, but had a similar issue after deleting identities when we wanted to move to using a domain. Since we couldn't use the Cognito User Pool config to update the Identity (we had more than 100 and that causes some bug on AWS side in loading the dropdown)

Used the CLI to update the User Pool email config; using your example, it would be:

aws cognito-idp update-user-pool --user-pool-id {userPoolId} \
  --email-configuration "SourceArn=arn:aws:ses:{region}:{account}:identity/{domain},ReplyToEmailAddress={emailInDomain},EmailSendingAccount=DEVELOPER,From={emailInDomain},ConfigurationSet={optionalName}"

Funnily had to temporarily disable advanced security (we were in audit only) in order to be allowed to perform the above update. Success after.

Would be nice to get a warning when deleting identities that they are in use elsewhere.

Edit: Warning: not providing values for other config will reset any custom Lambda triggers on Auth or your Messages, so make sure to take a good look at your config before running the above.

answered a year ago
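
The answer's warning that settings left out of update-user-pool get reset suggests building the request from the pool's current configuration. The following is an added example, not part of the original answer or AWS's own code: the helper names and the sample pool are constructed, and the key list is an assumption to check against the current UpdateUserPool reference.

```python
import copy

# Settings that UpdateUserPool accepts and DescribeUserPool returns under the
# same key (assumed list; verify against the current API reference).
UPDATABLE_KEYS = (
    "Policies", "DeletionProtection", "LambdaConfig", "AutoVerifiedAttributes",
    "SmsVerificationMessage", "EmailVerificationMessage", "EmailVerificationSubject",
    "VerificationMessageTemplate", "SmsAuthenticationMessage",
    "UserAttributeUpdateSettings", "MfaConfiguration", "DeviceConfiguration",
    "EmailConfiguration", "SmsConfiguration", "UserPoolTags",
    "AdminCreateUserConfig", "UserPoolAddOns", "AccountRecoverySetting",
)

def build_update_request(described_pool, email_configuration):
    """Return update_user_pool kwargs that carry over every current setting
    and replace only EmailConfiguration."""
    params = {"UserPoolId": described_pool["Id"]}
    for key in UPDATABLE_KEYS:
        if key in described_pool:
            params[key] = copy.deepcopy(described_pool[key])
    # Deprecated field that describe output can still contain; sending it back
    # alongside Policies.PasswordPolicy.TemporaryPasswordValidityDays is rejected.
    params.get("AdminCreateUserConfig", {}).pop("UnusedAccountValidityDays", None)
    params["EmailConfiguration"] = dict(email_configuration)
    return params

def settings_lost(described_pool, params):
    """Updatable settings present on the pool but absent from a request."""
    return [k for k in UPDATABLE_KEYS if k in described_pool and k not in params]

# Constructed sample of describe_user_pool(...)["UserPool"]; IDs are placeholders.
SAMPLE_POOL = {
    "Id": "us-east-1_EXAMPLE", "Name": "demo", "EstimatedNumberOfUsers": 12,
    "LambdaConfig": {"CustomMessage": "arn:aws:lambda:us-east-1:111122223333:function:msg"},
    "AutoVerifiedAttributes": ["email"],
    "AdminCreateUserConfig": {"AllowAdminCreateUserOnly": False, "UnusedAccountValidityDays": 7},
    "EmailConfiguration": {"EmailSendingAccount": "DEVELOPER",
        "SourceArn": "arn:aws:ses:us-east-1:111122223333:identity/example@example.com"},
}
NEW_EMAIL = {"EmailSendingAccount": "DEVELOPER", "From": "example@example.com",
             "SourceArn": "arn:aws:ses:us-east-1:111122223333:identity/example.com"}

if __name__ == "__main__":
    email_only = {"UserPoolId": SAMPLE_POOL["Id"], "EmailConfiguration": NEW_EMAIL}
    print("email-only request would reset:", settings_lost(SAMPLE_POOL, email_only))
    full = build_update_request(SAMPLE_POOL, NEW_EMAIL)
    print("full request would reset:", settings_lost(SAMPLE_POOL, full))
```

With boto3, pass `describe_user_pool(UserPoolId=...)["UserPool"]` as the first argument and call `update_user_pool(**params)` with the result.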
