Your cart is currently empty!
Resolving UNVERIFIED Messages When Using AWS SNS and New Sender IDs
Introduction
If you’ve been using Amazon Simple Notification Service (SNS) to send SMS messages, you might encounter an issue where messages are received as “UNVERIFIED.” This can be a common problem, especially when you start using a new sender ID. In this blog post, we’ll explore why this happens and how you can resolve it.
Understanding the Issue
The issue arises because of changes in the way AWS manages permissions for sender IDs. With the introduction of the AWS End User Messaging service, each sender ID or phone number now requires specific resource policies to grant the necessary permissions for sending messages. Without these permissions, messages sent using the new sender ID will appear as “UNVERIFIED” to the recipients.
Steps to Resolve the Issue
To ensure that your messages are correctly verified, follow these steps:
- Enable SNS-SMS CloudWatch Delivery Status Logs: Monitoring your SMS delivery status is crucial for troubleshooting issues. By enabling SNS-SMS delivery logs, you can gain insights into the delivery process and identify any problems.
- How to Enable SNS-SMS Delivery Logs: AWS Knowledge Center Delivery status for SMS creates two CloudWatch Log Groups:
- Successful:
sns/Region/Account_Number/DirectPublishToPhoneNumber
- Failed:
sns/Region/Account_Number/DirectPublishToPhoneNumber/Failure
- Grant Necessary Permissions to the Sender ID: AWS now requires specific resource policies for sender IDs. You need to configure these policies to allow Amazon SNS and Amazon Pinpoint to send messages using your sender ID.
- Navigate to the AWS End User Messaging SMS Service Page:
- Go to the AWS Management Console.
- Select the sender ID under the “Configurations” section.
- Configure the Resource Policy:
- Select the sender ID.Go to the “Resource policy” tab.If no policy is associated, click on “Edit.”Add the following policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": "sms-voice:SendTextMessage",
"Resource": "{required details: arn:aws:sms-voice:ap-southeast-2:account-id:sender-id/sender-name/region}",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{required details: account-id}"
}
}
},
{
"Effect": "Allow",
"Principal": {
"Service": "pinpoint.amazonaws.com"
},
"Action": "sms-voice:SendTextMessage",
"Resource": "{required details: arn:aws:sms-voice:ap-southeast-2:account-id:sender-id/sender-name/region}",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "{required details: account-id}"
}
}
}
]
}
In this policy:
- Resource: Make sure to replace
{required details: arn:aws:sms-voice:ap-southeast-2:account-id:sender-id/sender-name/region}
with your actual Amazon Resource Name (ARN) details. - aws:SourceAccount: Ensure
{required details: account-id}
matches your specific AWS account ID.
Testing and Verification: After updating the resource policy, send a few test messages to ensure that the issue is resolved. If the problem persists, collect CloudWatch logs for further analysis. The logs will provide detailed information, including provider response, message ID, and timestamp, which can be helpful for troubleshooting.
If you need help, be sure to get in contact 😀
by
Tags:
Leave a Reply