2270a2d4
Commit
2270a2d4
authored
2 years ago
by
nimrod
Allow disabling SMS messages.
Set a parameter in SSM to enable/disable SMS notifications.
parent
73b535c7
Pipeline
#3085
failed
2 years ago
Showing
2 changed files
sms-notify.tf
+65
-17
65 additions, 17 deletions
sms-notify.tf
src/sms_notify.py
+17
-0
17 additions, 0 deletions
src/sms_notify.py
with
82 additions
and
17 deletions
sms-notify.tf
+
65
−
17
# vi: ft=tf
variable
"messagebird_access_key"
{
description
=
"MessageBird API access key."
sensitive
=
true
}
variable
"send_sms_notifications"
{
default
=
true
description
=
"Whether or not to send SMS notifications."
type
=
bool
}
output
"send_sms_notifications"
{
description
=
"Whether or not to send SMS notifications."
value
=
var
.
send_sms_notifications
}
resource
"aws_ssm_parameter"
"send_sms_notifications"
{
name
=
"
${
local
.
module
}
/
${
local
.
env
}
/send_sms_notifications"
type
=
"String"
value
=
tostring
(
var
.
send_sms_notifications
)
}
resource
"aws_lambda_function"
"sms_notify"
{
# checkov:skip=CKV_AWS_50
# checkov:skip=CKV_AWS_116
...
...
@@ -10,7 +29,7 @@ resource "aws_lambda_function" "sms_notify" {
# checkov:skip=CKV_AWS_173
runtime
=
var
.
runtime
function_name
=
"
${
local
.
function_name_prefix
}
-sms-notify"
role
=
local
.
lambda_role_
arn
role
=
aws_iam_role
.
sms_notify
.
arn
source_code_hash
=
filebase64sha256
(
"payload.zip"
)
s3_bucket
=
local
.
payloads_bucket_name
s3_key
=
local
.
payload_object_name
...
...
@@ -30,6 +49,7 @@ resource "aws_lambda_function" "sms_notify" {
VERSION
=
local
.
payload_object_version
MSGBIRD_ACCESS_KEY
=
var
.
messagebird_access_key
TO_NUMBER
=
local
.
my_phone_number
SEND_SMS_NOTIFICATIONS_PARAM
=
aws_ssm_parameter
.
send_sms_notifications
.
name
}
}
...
...
@@ -130,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" {
resources
=
[
local
.
sms_notify_log_group_arn
,
]
}
statement
{
effect
=
"Allow"
actions
=
[
"ssm:GetParametersByPath"
,
]
resources
=
[
aws_ssm_parameter
.
send_sms_notifications
.
arn
]
}
}
locals
{
sms_notify_log_policy_doc
=
data
.
aws_iam_policy_document
.
sms_notify
.
json
}
resource
"aws_iam_policy"
"sms_notify
_log
"
{
name
=
"
${
local
.
module
}
-
${
local
.
env
}
-sms-notify
-log
"
resource
"aws_iam_policy"
"sms_notify"
{
name
=
"
${
local
.
module
}
-
${
local
.
env
}
-sms-notify"
policy
=
local
.
sms_notify_log_policy_doc
}
locals
{
sms_notify_
log_
policy_arn
=
aws_iam_policy
.
log
.
arn
sms_notify_
log_
policy_name
=
aws_iam_policy
.
log
.
name
sms_notify_policy_arn
=
aws_iam_policy
.
log
.
arn
sms_notify_policy_name
=
aws_iam_policy
.
log
.
name
}
output
"sms_notify_log_policy_arn"
{
value
=
local
.
sms_notify_log_policy_arn
description
=
"CloudWatch log IAM policy for SMS notifications ARN."
output
"sms_notify_policy_arn"
{
value
=
local
.
sms_notify_policy_arn
description
=
"AM policy for SMS notifications ARN."
}
output
"sms_notify_policy_name"
{
value
=
local
.
sms_notify_policy_name
description
=
"IAM policy for SMS notifications name."
}
resource
"aws_iam_role"
"sms_notify"
{
name
=
"
${
local
.
name
}
-sms-notify"
assume_role_policy
=
local
.
lambda_assume_policy_doc
}
locals
{
sms_notify_policies
=
[
local
.
sms_notify_policy_arn
,
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
,
]
}
output
"sms_notify_log_policy_name"
{
value
=
local
.
sms_notify_log_policy_name
description
=
"CloudWatch log IAM policy for SMS notifications name."
resource
"aws_iam_role_policy_attachment"
"sms_notify"
{
count
=
length
(
local
.
sms_notify_policies
)
role
=
aws_iam_role
.
sms_notify
.
name
policy_arn
=
local
.
sms_notify_policies
[
count
.
index
]
}
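Review bot: The new locals `sms_notify_policy_arn` and `sms_notify_policy_name` still read from `aws_iam_policy.log`, while the policy that carries the new SSM statement is declared as `aws_iam_policy.sms_notify` just above them. If no `aws_iam_policy.log` exists the plan fails, and if one is defined elsewhere the attachment built from `sms_notify_policies` binds a different policy to the role, so the Lambda would not receive the SSM read permission; I would expect `sms_notify_policy_arn = aws_iam_policy.sms_notify.arn` and `sms_notify_policy_name = aws_iam_policy.sms_notify.name`. Old and new lines are interleaved on this page, so this reading of the new side should be confirmed against the file. Separately, the description of output `sms_notify_policy_arn` reads "AM policy for SMS notifications ARN." where "IAM policy" is presumably meant.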
src/sms_notify.py
+
17
−
0
import
os
import
boto3
# pylint: disable=import-error
import
messagebird
# pylint: disable=import-error
...
...
@@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"]
TO_NUMBER
=
os
.
environ
[
"
TO_NUMBER
"
]
def
send_notifications
():
"""
Check if sending SMSes is enabled.
"""
try
:
param_path
=
os
.
environ
[
"
SEND_SMS_NOTIFICATIONS_PARAM
"
]
client
=
boto3
.
client
(
"
ssm
"
)
param
=
client
.
get_parameters_by_path
(
Path
=
param_path
,
recursive
=
False
,
WithDecryption
=
False
)[
"
Parameters
"
][
0
]
return
param
[
"
Value
"
].
tolower
==
"
true
"
except
Exception
:
# pylint: disable=broad-except
return
True
# pylint: disable=unused-argument
def
handler
(
event
,
context
):
if
not
send_notifications
():
print
(
"
Sending notification is disabled.
"
)
return
message
=
event
[
"
Records
"
][
0
][
"
Sns
"
][
"
Message
"
]
client
=
messagebird
.
Client
(
MSGBIRD_ACCESS_KEY
)
client
.
message_create
(
...
...
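Review bot: `send_notifications()` cannot return False as written, so the SSM switch never disables SMS. `param["Value"].tolower == "true"` raises AttributeError (the str method is `lower()`, and it is not called), `recursive=False` is not a valid boto3 keyword (it is `Recursive`), and `get_parameters_by_path` given the parameter's own name lists what sits under that path, so `["Parameters"][0]` most likely indexes an empty list. Each of these failures lands in `except Exception: return True`, which hides the error and fails open. I would read the value with `get_parameter`, call `.lower()`, and log the exception before falling back, as sketched below; the role policy then needs `ssm:GetParameter` rather than `ssm:GetParametersByPath`. `handler` continues past the end of the visible hunk.

```python
def send_notifications():
    # … unchanged: docstring …
    try:
        param_name = os.environ["SEND_SMS_NOTIFICATIONS_PARAM"]
        value = boto3.client("ssm").get_parameter(Name=param_name)["Parameter"]["Value"]
    except Exception as exc:  # pylint: disable=broad-except
        # Still fail open, but leave a trace so a broken switch is noticed.
        print(f"Could not read the SMS toggle, defaulting to enabled: {exc!r}")
        return True
    return value.lower() == "true"
```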