Projects on AWS:

Module 2. Manage users

In this module, you use Amazon SES to set up and verify an email address identity and Amazon Cognito to create a user pool. Amazon SES enables you to customize the email address where account verification emails are sent from when new users create their accounts.

Host a static website

Manage Users

Build a serverless backend

Deploy a RESTful API

Test your setup

Clean up your project resources

Implementation instructions

Follow the step-by-step instructions below to set up and verify a new email address identity, and create a user pool. Click on each step number to expand the section.

  • Step 1. Add and verify a new email address identity in Amazon SES

    Amazon SES is an email platform that lets you send and receive email using your own email addresses and domains. Complete the procedure in this section to add and verify an email address identity using the Amazon SES console. You’ll use this email address for testing later on.

    If you have a new Amazon SES account, certain restrictions are applied to your account to help prevent fraud and abuse, and to protect your reputation as a sender. All new Amazon SES accounts are placed in the Amazon SES sandbox, and all sender email addresses and domains must be verified.

    Note

    Staying in an Amazon SES sandbox environment is sufficient when you are in the development and testing phases. However, we recommend that you move out of the sandbox if you deploy your solution to production. Doing so lets you send emails without any restrictions to users who create an account on your website. For more information, see Moving Out of the Amazon SES Sandbox in the Amazon Simple Email Service Developer Guide.

    1. Open the Amazon SES console at https://console.aws.amazon.com/ses/.
    2. In the navigation pane, under Identity Management, choose Email Addresses.
    3. Choose Verify a New Email Address.
    4. In the Verify a New Email Address dialog box, type the email address that you want to add and verify in the Email Address field. The email address must be one that you can access.
    5. Choose Verify This Email Address.
    6. A verification email is sent to the email address that you specified. It may take up to an hour for the email to arrive.
    The message contains the following subject line:
    "Amazon Web Services - Email Address Verification Request in region RegionName,"
    where RegionName is the name of the AWS Region that is selected in the SES console.
    7. When the verification email arrives, open the verification link in the message.
    Note
    The link in the verification message expires 24 hours after the message is sent. If 24 hours have passed since you received the verification email, repeat steps 1 through 7 to receive another verification email with a valid link.

    8. You can check the status of your email address identity in the SES console. In the navigation pane, choose Email Addresses. In the list of email address identities, find the email address that you added, and confirm that the verification status for the address is verified.

  • Step 2. Create an Amazon Cognito user pool

    Amazon Cognito provides authentication, authorization, and user management for your apps. A user pool is a user directory in Amazon Cognito. With a user pool, your users can sign in to your apps through Amazon Cognito.

    1. Open the Amazon Cognito console at https://console.aws.amazon.com/cognito/.
    2. On the Amazon Cognito page, choose Manage User Pools.
    3. In the upper right of the User Pools page, choose Create a user pool.
    4. For Pool name, type examplecorp_saas.
    5. Choose Review defaults.
    6. On the review page, choose Create pool.
    7. Note the Pool Id value at the top of the details page for your new user pool.
       

  • Step 3. Add an app client to your user pool

    After you create a user pool, create an app client to use the Example Corp. website for signing up and signing in your users.

    1. In the Amazon Cognito console, choose Manage User Pools, and then choose your user pool.
    2. In the navigation pane, under General settings, choose App clients.
    3. Choose Add an app client.
    4. For the name, type examplecorp_saas_app.
    5. Clear the Generate client secret check box. Client secrets aren't currently supported for use with browser-based applications.
    6. Choose Create app client.
    7. Note the App client id value for the new application.
       

  • Step 4. Specify a custom FROM email address for emails sent to users in your user pool

    By default, the email messages that Amazon Cognito sends to users in your user pools come from no-reply@verificationemail.com. Complete the following steps to specify a custom FROM email address to use instead of no-reply@verificationemail.com.

    1. In the Amazon Cognito console, choose Manage User Pools, and then choose your user pool.
    2. In the navigation pane, under General settings, choose Message customizations.
    3. Scroll to the bottom of the page. Under Do you want to customize your email address, select the plus sign to the left of Add custom FROM address to display the custom options. Then, do the following:

    • In the SES Region list, verify that the correct Region is selected.
    • In the FROM email address, select the SES verified email address that you want Amazon Cognito account verification emails sent from.

    4. Choose Save changes.
     

Back to introduction
Next: Build a serverless backend