Commit 2270a2d4 authored by nimrod's avatar nimrod
Browse files

Allow disabling SMS messages.

Set a parameter in SSM to enable/ disable SMS notifications.
parent 73b535c7
Loading
Loading
Loading
Loading
Loading
+65 −17
Original line number Diff line number Diff line
# vi: ft=tf

variable "messagebird_access_key" {
  description = "MessageBird API access key."
  sensitive   = true
}

variable "send_sms_notifications" {
  default     = true
  description = "Whether or not to send SMS notifications."
  type        = bool
}

output "send_sms_notifications" {
  description = "Whether or not to send SMS notifications."
  value       = var.send_sms_notifications
}

resource "aws_ssm_parameter" "send_sms_notifications" {
  name  = "${local.module}/${local.env}/send_sms_notifications"
  type  = "String"
  value = tostring(var.send_sms_notifications)
}

resource "aws_lambda_function" "sms_notify" {
  # checkov:skip=CKV_AWS_50
  # checkov:skip=CKV_AWS_116
@@ -10,7 +29,7 @@ resource "aws_lambda_function" "sms_notify" {
  # checkov:skip=CKV_AWS_173
  runtime                        = var.runtime
  function_name                  = "${local.function_name_prefix}-sms-notify"
  role                           = local.lambda_role_arn
  role                           = aws_iam_role.sms_notify.arn
  source_code_hash               = filebase64sha256("payload.zip")
  s3_bucket                      = local.payloads_bucket_name
  s3_key                         = local.payload_object_name
@@ -30,6 +49,7 @@ resource "aws_lambda_function" "sms_notify" {
      VERSION                      = local.payload_object_version
      MSGBIRD_ACCESS_KEY           = var.messagebird_access_key
      TO_NUMBER                    = local.my_phone_number
      SEND_SMS_NOTIFICATIONS_PARAM = aws_ssm_parameter.send_sms_notifications.name
    }
  }

@@ -130,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" {

    resources = [local.sms_notify_log_group_arn, ]
  }

  statement {
    effect = "Allow"

    actions = [
      "ssm:GetParametersByPath",
    ]

    resources = [aws_ssm_parameter.send_sms_notifications.arn]
  }
}

locals {
  sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json
}

resource "aws_iam_policy" "sms_notify_log" {
  name   = "${local.module}-${local.env}-sms-notify-log"
resource "aws_iam_policy" "sms_notify" {
  name   = "${local.module}-${local.env}-sms-notify"
  policy = local.sms_notify_log_policy_doc
}

locals {
  sms_notify_log_policy_arn  = aws_iam_policy.log.arn
  sms_notify_log_policy_name = aws_iam_policy.log.name
  sms_notify_policy_arn  = aws_iam_policy.log.arn
  sms_notify_policy_name = aws_iam_policy.log.name
}

output "sms_notify_log_policy_arn" {
  value       = local.sms_notify_log_policy_arn
  description = "CloudWatch log IAM policy for SMS notifications ARN."
output "sms_notify_policy_arn" {
  value       = local.sms_notify_policy_arn
  description = "AM policy for SMS notifications ARN."
}

output "sms_notify_policy_name" {
  value       = local.sms_notify_policy_name
  description = "IAM policy for SMS notifications name."
}

resource "aws_iam_role" "sms_notify" {
  name               = "${local.name}-sms-notify"
  assume_role_policy = local.lambda_assume_policy_doc
}

locals {
  sms_notify_policies = [
    local.sms_notify_policy_arn,
    "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
  ]
}

output "sms_notify_log_policy_name" {
  value       = local.sms_notify_log_policy_name
  description = "CloudWatch log IAM policy for SMS notifications name."
resource "aws_iam_role_policy_attachment" "sms_notify" {
  count      = length(local.sms_notify_policies)
  role       = aws_iam_role.sms_notify.name
  policy_arn = local.sms_notify_policies[count.index]
}
+17 −0
Original line number Diff line number Diff line
import os
import boto3  # pylint: disable=import-error
import messagebird  # pylint: disable=import-error


@@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"]
TO_NUMBER = os.environ["TO_NUMBER"]


def send_notifications():
    """Check if sending SMSes is enabled."""
    try:
        param_path = os.environ["SEND_SMS_NOTIFICATIONS_PARAM"]
        client = boto3.client("ssm")
        param = client.get_parameters_by_path(
            Path=param_path, recursive=False, WithDecryption=False
        )["Parameters"][0]
        return param["Value"].tolower == "true"
    except Exception:  # pylint: disable=broad-except
        return True


# pylint: disable=unused-argument
def handler(event, context):
    if not send_notifications():
        print("Sending notification is disabled.")
        return
    message = event["Records"][0]["Sns"]["Message"]
    client = messagebird.Client(MSGBIRD_ACCESS_KEY)
    client.message_create(