AWS solutions documentation change
Summary
Added troubleshooting section for users not receiving invitation emails due to Amazon Cognito's 50-email daily limit and provided solution to switch to Amazon SES. Also updated SageMaker training job quota reference from ml.c5.4xlarge to ml.c7i.4xlarge.
Security assessment
The change addresses a service limitation (Cognito email quota) and provides operational guidance for increasing email throughput. There is no evidence of a security vulnerability, exploit, or incident being addressed. The change is about service quotas and configuration options, not security remediation.
Diff
diff --git a/solutions/latest/deepracer-on-aws/troubleshooting-the-solution.md b/solutions/latest/deepracer-on-aws/troubleshooting-the-solution.md index 7ed1e778b..efcdb6512 100644 --- a//solutions/latest/deepracer-on-aws/troubleshooting-the-solution.md +++ b//solutions/latest/deepracer-on-aws/troubleshooting-the-solution.md @@ -20,0 +21,6 @@ This issue can occur when CloudFront or the WAF (Web Application Firewall) is se + 3. _When I invite a user to DeepRacer on AWS as an admin, the user does not receive an invitation email_ + +This can occur when your deployment is configured to use Amazon Cognito as the delivery method for authentication emails. Amazon Cognito has a limit of 50 emails per day per account, which includes invitation emails and password reset emails. A cloud admin can check whether this limit is being exceeded by accessing the CloudWatch Management Console > Metrics > All metrics > "DeepRacerOnAWS/Email" under Custom namespaces. If the value shown is greater than or equal to 50, then email volume has exceeded the daily limit for Cognito. + +If more throughput is needed, a cloud admin may consider switching to Amazon SES as the delivery method for authentication emails. This carries certain [Prerequisites](https://docs.aws.amazon.com/solutions/latest/deepracer-on-aws/prerequisites.html) such as setting up a verified sender email and requesting production access for your account, but will remove the daily limit for sending authentication emails. Once the prerequisites are satisfied, a cloud admin can make this change (via AWS Launch Wizard, Amazon CloudFormation, or AWS CDK commands) by updating the application and selecting SES instead of Cognito for the delivery method, and providing a verified email address. + @@ -52 +58 @@ This issue can occur when CloudFront or the WAF (Web Application Firewall) is se -This can be caused by the underlying AWS account reaching its service quota limit for Amazon SageMaker AI training jobs. This can cause training jobs to be delayed, especially if your deployment often experiences high traffic volumes or burst traffic. _For cloud admins:_ Try requesting a service limit increase through the [Service Quotas console](https://console.aws.amazon.com/servicequotas/) by selecting Amazon SageMaker and requesting an increase for the _ml.c5.4xlarge for training job usage_ quota. +This can be caused by the underlying AWS account reaching its service quota limit for Amazon SageMaker AI training jobs. This can cause training jobs to be delayed, especially if your deployment often experiences high traffic volumes or burst traffic. _For cloud admins:_ Try requesting a service limit increase through the [Service Quotas console](https://console.aws.amazon.com/servicequotas/) by selecting Amazon SageMaker and requesting an increase for the _ml.c7i.4xlarge for training job usage_ quota.