Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

AWS Cognito email through AWS SES sandbox

0

Hello, as state on AWS SES documentation, a sandbox is not able to send email to unverified email addresses: While your account is in the sandbox, you can only send email to addresses that you've verified Somehow using a generic and unverified email address on AWS Cognito that relys on a SES sandbox environment, bypass the rule and send the email anyway. I think this kind of behavior is a bit misleading as the sender is a sandbox and, as a sandbox, should not send email to anyone but provided ones. Why is it happening? Am i missing something?

Tópicos
Segurança, identidade e conformidadeWeb e dispositivos móveis front-endAplicativos de negócios
Tags
Amazon CognitoServiço de e-mail simples da Amazon
Idioma
English
Danilo Filippelli
feita há um mês183 visualizações
1 Resposta
2
Resposta aceita

The behavior you observed of Cognito being able to send emails to unverified addresses from within the SES sandbox is likely due to how Cognito integrates with SES. When a Cognito user pool is configured to use SES for email, it is granted permissions via a service-linked role to send emails on behalf of users. This bypassses some of the normal restrictions of the SES sandbox. However, you are correct that in general, the SES sandbox is not meant to allow sending to unverified addresses. There are a few options to consider:

  • Verify the email addresses you want to test with so they are allowed within the sandbox.
  • Request a limit increase on your SES account to move it fully out of the sandbox by submitting a request through the AWS Support Center. This will allow sending to any addresses once approved.
  • Consider alternatives like using a development SES account not in sandbox mode for testing purposes before going to production.
profile picture
ESPECIALISTA
Giovanni Lauria
respondido há um mês
profile pictureAWS
ESPECIALISTA
Didier_Durand
avaliado há um mês
  • Danilo Filippelli
    há um mês

    The problem is that i expected it to follow the SES rules instead of bypass them, so the dev pool won't contact any of our customers. Is it possible to make the pool follow the SES sandbox restrictions? EDIT: it is my fault, the problem relys on the Messaging configuration, it can use Send email with Amazon SES - Recommended or Send email with Cognito, the first option respect the SES verified identities, the second one is insulated from SES and it is normal that doesn't respect any restriction. I found it while checking it through your considerations, thank you :)

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante