Cognito SMS Auth to SNS in a different region

I have a Cognito set up in eu-central-1 and now I need SMS MFA to be activated in Cognito. The AWS docs tell me that Cognito will send SMS through AWS SNS; however, the SNS in region eu-central-1 does not have SMS availability.

I now have an SNS in a different region (us-east-1) with an SMS limit of $1000, but how can I connect the Cognito in eu-central-1 to send SMS through SNS in us-east-1? Is it even possible or would I have to move my Cognito to us-east-1?

The Cognito role has the relevant permission to access/publish through SNS.



Solution 1:[1]

According to the Cognito Developer Guide:

SMS messages from Amazon Cognito user pools are routed through Amazon SNS in the same region unless noted in the following table.

| Amazon Cognito Region | Supported SNS Regions |
|---|---|
| US East (Ohio) us-east-2 | us-east-1 |
| Asia Pacific (Mumbai) ap-south-1 | ap-southeast-1 |
| Asia Pacific (Seoul) ap-northeast-2 | ap-northeast-1 |
| Canada (Central) ca-central-1 | us-east-1 |
| Europe (Frankfurt) eu-central-1 | eu-west-1 |
| Europe (London) eu-west-2 | eu-west-1 |

Check the docs for the latest but eu-central-1 gets routed through eu-west-1 at the time I'm writing this. I came across this with my deployment in us-east-2 which gets routed through us-east-1.

Solution 2:[2]

Yes, it is possible to connect an aws-cognito-userpool from eu-central-1 with aws-sns Text messaging (SMS) in eu-west-1. They don't have to be in the same region.

However, AWS now offers sending SMS via eu-central-1 and explicitly asks to maintain isolation of regions.

https://aws.amazon.com/blogs/security/amazon-cognito-launches-support-for-in-region-integration-with-amazon-ses-and-amazon-sns/

  1. switch to the new interface (displayed at top: The new design for Cognito User Pools console is now available. Try out the new interface)
  2. select user pool
  3. go to tab Messaging
  4. Section SMS and Edit
  5. select region from dropdown at section SNS Region
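
The same SNS Region change made through the API instead of the console, as an added example that is not part of the answers above. It assumes boto3 and a placeholder pool ID; `CARRY_OVER`, `build_update` and `set_sns_region` are hypothetical names. The pool's current settings are read first and sent back, because UpdateUserPool resets any setting omitted from the request to its default.

```python
# Added example (not from the answers). Assumes boto3 plus credentials allowed to
# call cognito-idp:DescribeUserPool and cognito-idp:UpdateUserPool.

# UpdateUserPool arguments that DescribeUserPool returns under the same name.
# Compare this list with the API reference for the settings your pool uses.
CARRY_OVER = (
    "Policies", "DeletionProtection", "LambdaConfig", "AutoVerifiedAttributes",
    "SmsVerificationMessage", "EmailVerificationMessage",
    "EmailVerificationSubject", "VerificationMessageTemplate",
    "SmsAuthenticationMessage", "UserAttributeUpdateSettings",
    "MfaConfiguration", "DeviceConfiguration", "EmailConfiguration",
    "UserPoolTags", "AdminCreateUserConfig", "UserPoolAddOns",
    "AccountRecoverySetting",
)


def build_update(pool, sns_region):
    """Return update_user_pool kwargs that change only SmsConfiguration.SnsRegion."""
    sms = dict(pool.get("SmsConfiguration") or {})
    if "SnsCallerArn" not in sms:
        raise ValueError("pool has no SMS role (SnsCallerArn); configure SMS first")
    sms["SnsRegion"] = sns_region  # SnsCallerArn and ExternalId stay as they were
    kwargs = {k: pool[k] for k in CARRY_OVER if k in pool}
    kwargs["SmsConfiguration"] = sms
    # DescribeUserPool can return the deprecated UnusedAccountValidityDays next to
    # PasswordPolicy.TemporaryPasswordValidityDays; drop it before sending back.
    if "AdminCreateUserConfig" in kwargs:
        kwargs["AdminCreateUserConfig"] = {
            k: v for k, v in kwargs["AdminCreateUserConfig"].items()
            if k != "UnusedAccountValidityDays"
        }
    kwargs["UserPoolId"] = pool["Id"]
    return kwargs


def set_sns_region(client, user_pool_id, sns_region):
    """Read the pool, switch its SNS Region, and return the Region now reported."""
    pool = client.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
    client.update_user_pool(**build_update(pool, sns_region))
    after = client.describe_user_pool(UserPoolId=user_pool_id)["UserPool"]
    return after["SmsConfiguration"].get("SnsRegion")


if __name__ == "__main__":
    import boto3  # imported here so the helpers above load without boto3
    cognito = boto3.client("cognito-idp", region_name="eu-central-1")
    # "eu-central-1_EXAMPLE" is a placeholder pool ID, not a value from the page.
    print(set_sns_region(cognito, "eu-central-1_EXAMPLE", "eu-central-1"))
```
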

Solution 3:[3]

There is a screen to configure this for your AWS Cognito.

  1. Navigate to AWS Cognito -> Manage user pool
  2. Select the User Pool where notification has to be configured.
  3. Navigate to the section 'Message Customizations'
  4. Choose the SES Region where it is configured in your account and fill the remaining fields.
  5. In the option 'Do you want to send emails through your Amazon SES Configuration?' choose 'Yes - Use Amazon SES'.
  6. Go to bottom and save the changes (make necessary changes in other fields according to your requirement.)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | dnltinney |
| Solution 3 | Robin Varghese |