
Configure Cognito to send emails through a third party such as SendGrid the proper way


I have tried to invoke the custom message function to send emails through SendGrid. It worked, but I don't have a way to stop AWS from sending through their emails. I have tried to set the messageAction to "SUPPRESS", but another problem arises: there is no such support for self-registration, since messageAction is only for the adminCreateUser function. Did I miss something, or am I not doing this properly?


Solution

  • Custom Sender Lambda Triggers are the way to use 3rd party notification service providers.

    Cognito docs are lacking at the moment (steps are missing, the Lambda code has to be fixed after copying it from the example, there are no instructions on how to deploy with CloudFormation, ...).

    High level overview of the steps:

    1. Create a symmetric KMS key.
    2. Create a Lambda function. Grant Lambda permission to kms:Decrypt the key. Pass the key ARN as the environment variable.
    3. Create a User Pool and a User Pool Client. For the pool, configure LambdaConfig providing Lambda and KMS Key ARNs.
    4. In the code, decrypt the notification code using the key passed in the env variables.
    5. Send the notification code using the 3rd party (e.g. Twilio SendGrid) API.

    Tooling (as of March 2021):

    • Cognito Console does not support new triggers
    • AWS CLI supports new triggers
    • CloudFormation docs say the triggers are not supported, but in practice they work
    • Terraform does not support setting new triggers yet (there's a workaround)

    I've blogged about the process of setting up the Custom Email Lambda Trigger with CloudFormation and Terraform: Send AWS Cognito emails with 3rd party ESPs.
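Steps 4 and 5 of the procedure above, worked through as an added Python example that is not part of the original answer or the linked blog post. Cognito encrypts the one-time code in `event["request"]["code"]` with the AWS Encryption SDK under the user pool's KMS key and base64-encodes the result, so a bare `kms:Decrypt` call on the field will not work; the handler below decrypts it with the Encryption SDK and a strict KMS key provider, then delivers it through SendGrid's v3 `mail/send` endpoint. The environment variable names `KEY_ARN`, `SENDGRID_API_KEY` and `FROM_EMAIL`, the subject texts, and `SAMPLE_EVENT` are assumptions and constructed data for this example; the decryptor and sender are injected into `handle_event` so the routing logic can be exercised offline.

```python
"""Cognito Custom Email Sender Lambda (added example, not from the post).
Assumed env vars: KEY_ARN, SENDGRID_API_KEY, FROM_EMAIL."""
import base64
import json
import os
import urllib.request

# Trigger sources Cognito passes to a Custom Email Sender, with an assumed subject.
SUBJECTS = {
    "CustomEmailSender_SignUp": "Verify your account",
    "CustomEmailSender_ResendCode": "Your new verification code",
    "CustomEmailSender_ForgotPassword": "Reset your password",
    "CustomEmailSender_UpdateUserAttribute": "Confirm your updated attribute",
    "CustomEmailSender_VerifyUserAttribute": "Verify your attribute",
    "CustomEmailSender_AdminCreateUser": "Your temporary password",
    "CustomEmailSender_AccountTakeOverNotification": "Security alert for your account",
}


def make_kms_decryptor(key_arn):
    """Build the real decryptor. Imported lazily so the module (and the
    offline demo below) loads without aws_encryption_sdk installed."""
    import aws_encryption_sdk
    from aws_encryption_sdk import CommitmentPolicy

    client = aws_encryption_sdk.EncryptionSDKClient(
        commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT)
    # Strict provider: only this key may unwrap the data key, so a message
    # encrypted under any other key is rejected instead of silently decrypted.
    provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[key_arn])

    def decrypt(b64_ciphertext):
        plaintext, _header = client.decrypt(
            source=base64.b64decode(b64_ciphertext), key_provider=provider)
        return plaintext.decode("utf-8")
    return decrypt


def make_sendgrid_sender(api_key, from_email):
    """Build a sender that POSTs one plain-text mail to SendGrid v3."""
    def send(to_email, subject, body):
        payload = {
            "personalizations": [{"to": [{"email": to_email}]}],
            "from": {"email": from_email},
            "subject": subject,
            "content": [{"type": "text/plain", "value": body}],
        }
        req = urllib.request.Request(
            "https://api.sendgrid.com/v3/mail/send",
            data=json.dumps(payload).encode("utf-8"),
            headers={"Authorization": "Bearer " + api_key,
                     "Content-Type": "application/json"},
            method="POST")
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status          # SendGrid answers 202 Accepted
    return send


def handle_event(event, decrypt_code, send_email):
    """Core logic with decryptor and sender injected. Returns routing
    metadata only; the plaintext code is never logged or returned."""
    trigger = event.get("triggerSource", "")
    if trigger not in SUBJECTS:
        # Refuse anything that is not a Custom Email Sender invocation.
        raise ValueError("unexpected trigger source: " + trigger)
    request = event.get("request", {})
    to_email = request.get("userAttributes", {}).get("email")
    if not to_email:
        raise ValueError("user has no email attribute to deliver to")
    code = decrypt_code(request["code"]) if request.get("code") else None
    if code:
        body = "Your code is %s. It expires soon; never share it." % code
    else:
        body = "A security-relevant event occurred on your account."
    status = send_email(to_email, SUBJECTS[trigger], body)
    return {"to": to_email, "subject": SUBJECTS[trigger], "status": status}


def lambda_handler(event, context):
    """Entry point wired up as LambdaConfig.CustomEmailSender."""
    decrypt = make_kms_decryptor(os.environ["KEY_ARN"])
    send = make_sendgrid_sender(os.environ["SENDGRID_API_KEY"],
                                os.environ["FROM_EMAIL"])
    handle_event(event, decrypt, send)
    # Cognito does not use the response of a custom sender trigger.


# Constructed sample for offline runs; not a real Cognito event.
SAMPLE_EVENT = {
    "triggerSource": "CustomEmailSender_SignUp",
    "request": {
        "code": base64.b64encode(b"123456").decode("ascii"),
        "userAttributes": {"email": "alice@example.com"},
    },
}


def demo_decrypt(b64_ciphertext):
    """Stand-in for make_kms_decryptor(): the sample 'ciphertext' is plain
    base64, whereas real Cognito codes are Encryption SDK messages."""
    return base64.b64decode(b64_ciphertext).decode("utf-8")


if __name__ == "__main__":
    print(handle_event(SAMPLE_EVENT, demo_decrypt,
                       lambda to, subj, body: print(to, subj, body) or 202))
```

For step 3, the user pool wiring is `LambdaConfig.CustomEmailSender` (with `LambdaArn` and `LambdaVersion: V1_0`) plus `LambdaConfig.KMSKeyID`; the key policy must also let the `cognito-idp.amazonaws.com` service principal use the key (the Cognito docs grant it `kms:CreateGrant` and `kms:Encrypt`), otherwise Cognito cannot produce the ciphertext the Lambda decrypts. Scope the Lambda's invoke permission to the user pool ARN via the permission's source ARN, so only that pool can trigger mail, and keep the `triggerSource` check: a function that sends whatever it is handed is a cheap way to turn your ESP into someone else's spam relay.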