Pre-Deployment Setup
Configuring the Email sending service
You need to configure the email sending service by choosing your RainMaker region. (Reference Section - Changing the region from AWS Console)
1. Email verification
You will need to configure an email account, which will be used for sending email notifications to your end-users.
To send the mail notifications, the mail ID needs to be configured in the AWS SES (Simple Email Service) console.
- Open the AWS dashboard and search for the service, SES -
Click on Verified identities in the navigation pane.
Click on "Create identity".
Select the email address option for Identity type.
Enter the new email address, which should be used for sending email notifications.
After entering the mail address, click on "Create Identity".
An email notification will be sent to the mail ID. Click on the link in the mail to verify the address. After that, the verification status for the mail address will be confirmed.
Click on the "Refresh" button to see the updated status or check the email verification request.
2. Moving out of the SES sandbox
AWS accounts are in the SES sandbox by default. When an AWS account is in the SES sandbox, mails can be only sent to verified email addresses, domains, or the SES mailbox simulator. To send emails to other recipients, it is required to move the AWS account out of the sandbox.
SES Sandbox is AWS region-specific. You should request production access for SES in the RainMaker region.
Following are the steps to move an AWS account out of the SES sandbox:
- Log in to the AWS console and select the RainMaker region.
- Go to the SES service console.
- Click on Account dashboard from the left-hand side menu.
- Click on the "Request Production Access" option.
- Fill out the details in the form.
Select "Transactional" as the Mail type.
Enter the URL for your application or enter RainMaker URL - https://rainmaker.espressif.com.
In the use Case Description, put the following content, after making the required changes.
We are deploying Espressif’s RainMaker product (https://rainmaker.espressif.com/) into our AWS account. This product is based on a serverless architecture. RainMaker uses the SES service for sending various email notifications, including welcome emails, OTPs, details of deployment, and new RainMaker releases. So we need to move SES out of the sandbox in region <rainmaker_region>. We plan to use SES to send OTPs, details of deployment, and new RainMaker releases.
- What is the nature of your business, and how do you plan to use Amazon SES to meet the needs of your business?
- We are <your_company_name> deploying the RainMaker platform as a device and user management platform for our connected products that we launched in 2022.
- How do you collect the email addresses that are on your mailing list?
- In order to use our connected products, users registering themselves utilizing Cognito user pool. We are not creating mass-mailing lists from the Cognito User Pool.
- How do the processes for subscribing and unsubscribing work? Include links to your opt-in and opt-out pages.
- Not applicable because we do not use mailing lists.
- How do you plan to handle bounces and complaints?
- It is in the user's best interest to enter a valid email address.
- The account-level suppression list is enabled to prevent sending emails to the users for whom bounces and complaints had occurred earlier.
- The end user receives mail only for signup and forgotten password-related use cases.
- DKIM is enabled to avoid mail bounces.
- How can recipients opt out of receiving emails from you?
- Users can report mail as spam. This will put the user's email address in the account-level suppression list. Emails will not be sent to email IDs in the suppression list.
- What type of email (for example, transactional notifications, marketing content, or system notifications) do you plan to send with Amazon SES?
- Account registration verification
- Forgot password functionality
- Email change for the account
- What is the URL of your website?
- <your_company_name> (<company_domain_com>) (<company_full_domain_name>)
- for e.g., Espressif Systems (espressif.com)(https://www.espressif.com/)
Add Additional contacts, if you want to receive the reply to this support case on additional email addresses.
Click on Acknowledgement and submit the request.
- This will open a support case with the AWS support team. You will receive an email from the AWS support team, once the request is processed. Generally, this request will be completed by the AWS support team in one day.
You can check the sandbox status of your account from the AWS SES console as well. The steps can be found here - Checking the sandbox status for your account
For additional information about AWS SES sandbox, please check AWS SES Sandbox documentation
3. Increasing the email sending limit
You may want to increase the daily email sending limit and email sending rate limit if you expect to receive more sign-up requests than your current limits. You can check your current limits with the steps given in AWS documentation: Check SES Sending Quotas
The steps to increase the email sending limits, follow these steps:
- Login to the AWS console and go to Service quotas
Select the RainMaker region
In the navigation pane, choose AWS services.
Search for Amazon SES.
- Select "Sending Quota".
- Click on "Request Increase".
Enter the desired quota value (the required maximum number of emails that you can send in a 24-hour period for this account in the current Region).
Click on "Request"
- AWS support team will review your request, and update you about the support case via email. You can also check the Sending quota with the steps given in the documentation: Check SES Sending Quotas
Configuring the SMS sending service
1. Getting the SNS region used by Cognito
RainMaker uses AWS SNS service for text messaging. This service is region-specific. You should move your account out of SMS sandbox and increase your SMS spending limit in the region which will be used by AWS Cognito to send the verification code messages to users. This region will be the region in which RainMaker is deployed for most of the cases.
If the region in which RainMaker is deployed is one of the regions mentioned below in the "RainMaker Regions" column, choose the corresponding Amazon SNS region to move the account out of SMS sandbox, use RainMaker region otherwise.
| RainMaker Regions | Amazon SNS Regions |
|---|---|
| Asia Pacific (Seoul) | Asia Pacific (Tokyo) |
For additional information, see the AWS docs for SMS text messaging.
2. Moving out of SMS Sandbox
This step is required only if you want to support mobile number-based authentication.
When your account is in SMS sandbox in a particular region, you can send SMS messages only to verified destination phone numbers. You should move your account out of sandbox to send SMS messages to any phone number.
You should move your account out of SMS sandbox in the region from where Cognito will send message to your users.
The steps to move out of SMS sandbox are as follows:
Login to AWS console and go to SNS service console.
Select "Text Messaging(SMS)".
- Scroll down and check SMS sandbox status for your account.
If your account is in Sandbox, click on "Exit SMS Sandbox".
Fill out the case details form.
Provide the link of your application or provide RainMaker website URL - https://rainmaker.espressif.com
For "What type of messages do you plan to send?", select "One Time Password".
For "Which AWS Region will you be sending messages from?", select the region closest to RainMaker deployment region.
For "Which countries do you plan to send messages to?", provide the list of countries where your end users are located.
For "How do your customers opt to receive messages from you? Provide specific information about the opt-in process", enter below details:
"We are using SNS text messaging with AWS Cognito to send verification code to the user for sign up and forgot password requests. Messages are sent only when user provides the mobile number for sign up or forgot password requests."
- For "Please provide the message template that you plan to use to send messages to your customers", provide the message template that you will use, if you will be using the default message template, enter the below text:
"Your verification code is {####}."
Scroll down and go to Requests Section.
Select the SNS region that will be used by Cognito. Check the previous section Getting the SNS region used by Cognito.
In the resource type, select "General Limits".
For "Limit", select "Exit SMS Sandbox".
In the use case description, enter - "Our application uses AWS Cognito for user authentication/ We are using mobile number-based authentication. Cognito uses AWS SNS Text messaging to send verification code to users. For this use case, please move the account out of SMS sandbox".
Click on Submit.
AWS team will review your request and update you regarding your support case through email.
3. Increasing the SMS Sending Limit
If you want to opt for mobile number-based authentication, it is required to increase the monthly SMS sending limit of AWS SNS.
The default SMS spending limit of AWS SNS is 1$ per month. You can decide the desired spending limit according to the number of SMS you expect to send per month. Please check AWS SNS pricing for details.
The steps to open a support case to increase SMS sending limit:
- Login to AWS Console and click on the Support Center
- Click on Create Case, choose the option- Service Limit Increase. In Case details, Search for "SNS Text Messaging".
- Enter the required details.
- For message type, select "One Time Password".
- For AWS Region, select the SNS region that will be used by Cognito. Check the section Getting the SNS region used by Cognito.
- You may keep other fields blank.
- In the requests section, select the region in which RainMaker is deployed.
- For case description, add the below details:
Please move the AWS account out of the SNS sandbox and increase the monthly spending limit to <desired_value>$.
Message Type: One Time Password
- You will receive an email from the AWS support team, once the request is processed.
Once the request is processed, increasing the SMS sending limit from the SNS console is also required. Please proceed to the next section to increase the SMS sending limit from the SNS console.
The steps to increase the SMS sending limit
Login to AWS console, and go to SNS(Simple Notification Service) console.
From the left-hand side menu, click on Text Messaging(SMS).
- Scroll down to the "Delivery status logs" section, and click on Edit Preferences.
For Default message type, select transactional.
For the Account spend limit, enter the desired spend limit. The account spend limit should not exceed the spending limit requested in the Support center in the last step.
Keep other fields blank.
- Click on Save changes.
Increasing the lambda concurrency limit
It is required to check the lambda concurrency limit before deployment.
- Below are the steps to check the lambda concurrency value.
- Login to AWS Console and search for Lambda service.
- On the left navigation bar -> Click on Dashboard.
- Here, you will get the full account concurrency value.
If the default value is less than 1000, you need to raise the AWS support case requesting to increase the value.
Below are the steps for raising a Support ticket
Go to your AWS console and search for "Support"
Then click on "Create Case"
Then select "Service limit increase’ and then select Limit Type as "Lambda" as shown below:
Then fill in the case details:
Add the request:
- Select your deployment region
- Limit: Concurrent Requests (Expected Duration * Expected Requests per Second)
- New Limit Value: 1000
Add Case Description.
We are trying to deploy our product: https://rainmaker.espressif.com/ Since the current concurrency limit is 10, we cannot deploy our product. Can you please set the concurrency limit to 1000?
Submit the request.
Configuring Domain key Identified Mail (Optional)
Many times it is observed that when the users sign-up or perform actions like forgot password, etc. the mails from SES go into the Spam Email folder. It becomes difficult for the users to log in and perform the required actions with the RainMaker app and the platform.
One of the possible solutions is to configure the Domain Key Identified Mail (DKIM)
These steps need to be performed from the AWS SES console.
The domain identity should be created and verified according to the below documentation: AWS SES DKIM Create and Verify Domain This domain should be the same as that of the domain of SES verified email.
Follow the below AWS documentation for Easy DKIM configuration: AWS SES DKIM Configuration doc