Add SES Support to a Cognito User Pool in CDK
Borislav Hadzhiev
Last updated: Apr 14, 2022
Check out my new book
Integrating SES with Cognito User Pools in CDK #
Every time a user signs up for our application or requests a password recovery,
AWS Cognito sends them an email. By default, Cognito sends emails from
no-reply@verificationemail.com.
The default email configuration has many restrictions and quotas, for example - we can only send 50 emails per day and the subject of the email has to be less than 140 characters long.
Since the Level 2 UserPool construct doesn't expose a property for integrating with SES, we have to use an escape hatch to update the email configuration.
In order to configure SES for a Cognito User Pool in CDK, we have to get access to the CfnUserPool construct and update its emailConfiguration property.
const userPool = new cognito.UserPool(this, 'user-pool-id', { //...rest }); // 👇 update Email sender for Cognito Emails const cfnUserPool = userPool.node.defaultChild as cognito.CfnUserPool; cfnUserPool.emailConfiguration = { emailSendingAccount: 'DEVELOPER', replyToEmailAddress: 'YOUR_EMAIL@example.com', sourceArn: `arn:aws:ses:YOUR_COGNITO_SES_REGION:${ cdk.Stack.of(this).account }:identity/YOUR_FROM_EMAIL@example.com`, };
Let's go over the properties we've set for email configuration:
- emailSendingAccount
specifies whether Cognito should use the default email provider or our custom
SES configuration. The
DEVELOPERsetting indicates that we'll provide our custom SES config. - replyToEmailAddress specifies the email address users will be replying to
- sourceArn
specifies the ARN of a verified email address. Note that cognito only
integrates with SES in 3 regions:
us-east-1,us-west-2,eu-west-1. The SESfrom-emailhas to be verified in the specific region, and your SES account must be out of the sandbox.
us-east-1, us-west-2 and eu-west-1 - Cognito Docs
