Loading sms-notify.tf +65 −17 Original line number Diff line number Diff line # vi: ft=tf variable "messagebird_access_key" { description = "MessageBird API access key." sensitive = true } variable "send_sms_notifications" { default = true description = "Whether or not to send SMS notifications." type = bool } output "send_sms_notifications" { description = "Whether or not to send SMS notifications." value = var.send_sms_notifications } resource "aws_ssm_parameter" "send_sms_notifications" { name = "${local.module}/${local.env}/send_sms_notifications" type = "String" value = tostring(var.send_sms_notifications) } resource "aws_lambda_function" "sms_notify" { # checkov:skip=CKV_AWS_50 # checkov:skip=CKV_AWS_116 Loading @@ -10,7 +29,7 @@ resource "aws_lambda_function" "sms_notify" { # checkov:skip=CKV_AWS_173 runtime = var.runtime function_name = "${local.function_name_prefix}-sms-notify" role = local.lambda_role_arn role = aws_iam_role.sms_notify.arn source_code_hash = filebase64sha256("payload.zip") s3_bucket = local.payloads_bucket_name s3_key = local.payload_object_name Loading @@ -30,6 +49,7 @@ resource "aws_lambda_function" "sms_notify" { VERSION = local.payload_object_version MSGBIRD_ACCESS_KEY = var.messagebird_access_key TO_NUMBER = local.my_phone_number SEND_SMS_NOTIFICATIONS_PARAM = aws_ssm_parameter.send_sms_notifications.name } } Loading Loading @@ -130,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" { resources = [local.sms_notify_log_group_arn, ] } statement { effect = "Allow" actions = [ "ssm:GetParametersByPath", ] resources = [aws_ssm_parameter.send_sms_notifications.arn] } } locals { sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json } resource "aws_iam_policy" "sms_notify_log" { name = "${local.module}-${local.env}-sms-notify-log" resource "aws_iam_policy" "sms_notify" { name = "${local.module}-${local.env}-sms-notify" policy = local.sms_notify_log_policy_doc } locals { sms_notify_log_policy_arn = aws_iam_policy.log.arn sms_notify_log_policy_name = aws_iam_policy.log.name sms_notify_policy_arn = aws_iam_policy.log.arn sms_notify_policy_name = aws_iam_policy.log.name } output "sms_notify_log_policy_arn" { value = local.sms_notify_log_policy_arn description = "CloudWatch log IAM policy for SMS notifications ARN." output "sms_notify_policy_arn" { value = local.sms_notify_policy_arn description = "AM policy for SMS notifications ARN." } output "sms_notify_policy_name" { value = local.sms_notify_policy_name description = "IAM policy for SMS notifications name." } resource "aws_iam_role" "sms_notify" { name = "${local.name}-sms-notify" assume_role_policy = local.lambda_assume_policy_doc } locals { sms_notify_policies = [ local.sms_notify_policy_arn, "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ] } output "sms_notify_log_policy_name" { value = local.sms_notify_log_policy_name description = "CloudWatch log IAM policy for SMS notifications name." resource "aws_iam_role_policy_attachment" "sms_notify" { count = length(local.sms_notify_policies) role = aws_iam_role.sms_notify.name policy_arn = local.sms_notify_policies[count.index] } src/sms_notify.py +17 −0 Original line number Diff line number Diff line import os import boto3 # pylint: disable=import-error import messagebird # pylint: disable=import-error Loading @@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"] TO_NUMBER = os.environ["TO_NUMBER"] def send_notifications(): """Check if sending SMSes is enabled.""" try: param_path = os.environ["SEND_SMS_NOTIFICATIONS_PARAM"] client = boto3.client("ssm") param = client.get_parameters_by_path( Path=param_path, recursive=False, WithDecryption=False )["Parameters"][0] return param["Value"].tolower == "true" except Exception: # pylint: disable=broad-except return True # pylint: disable=unused-argument def handler(event, context): if not send_notifications(): print("Sending notification is disabled.") return message = event["Records"][0]["Sns"]["Message"] client = messagebird.Client(MSGBIRD_ACCESS_KEY) client.message_create( Loading Loading
sms-notify.tf +65 −17 Original line number Diff line number Diff line # vi: ft=tf variable "messagebird_access_key" { description = "MessageBird API access key." sensitive = true } variable "send_sms_notifications" { default = true description = "Whether or not to send SMS notifications." type = bool } output "send_sms_notifications" { description = "Whether or not to send SMS notifications." value = var.send_sms_notifications } resource "aws_ssm_parameter" "send_sms_notifications" { name = "${local.module}/${local.env}/send_sms_notifications" type = "String" value = tostring(var.send_sms_notifications) } resource "aws_lambda_function" "sms_notify" { # checkov:skip=CKV_AWS_50 # checkov:skip=CKV_AWS_116 Loading @@ -10,7 +29,7 @@ resource "aws_lambda_function" "sms_notify" { # checkov:skip=CKV_AWS_173 runtime = var.runtime function_name = "${local.function_name_prefix}-sms-notify" role = local.lambda_role_arn role = aws_iam_role.sms_notify.arn source_code_hash = filebase64sha256("payload.zip") s3_bucket = local.payloads_bucket_name s3_key = local.payload_object_name Loading @@ -30,6 +49,7 @@ resource "aws_lambda_function" "sms_notify" { VERSION = local.payload_object_version MSGBIRD_ACCESS_KEY = var.messagebird_access_key TO_NUMBER = local.my_phone_number SEND_SMS_NOTIFICATIONS_PARAM = aws_ssm_parameter.send_sms_notifications.name } } Loading Loading @@ -130,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" { resources = [local.sms_notify_log_group_arn, ] } statement { effect = "Allow" actions = [ "ssm:GetParametersByPath", ] resources = [aws_ssm_parameter.send_sms_notifications.arn] } } locals { sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json } resource "aws_iam_policy" "sms_notify_log" { name = "${local.module}-${local.env}-sms-notify-log" resource "aws_iam_policy" "sms_notify" { name = "${local.module}-${local.env}-sms-notify" policy = local.sms_notify_log_policy_doc } locals { sms_notify_log_policy_arn = aws_iam_policy.log.arn sms_notify_log_policy_name = aws_iam_policy.log.name sms_notify_policy_arn = aws_iam_policy.log.arn sms_notify_policy_name = aws_iam_policy.log.name } output "sms_notify_log_policy_arn" { value = local.sms_notify_log_policy_arn description = "CloudWatch log IAM policy for SMS notifications ARN." output "sms_notify_policy_arn" { value = local.sms_notify_policy_arn description = "AM policy for SMS notifications ARN." } output "sms_notify_policy_name" { value = local.sms_notify_policy_name description = "IAM policy for SMS notifications name." } resource "aws_iam_role" "sms_notify" { name = "${local.name}-sms-notify" assume_role_policy = local.lambda_assume_policy_doc } locals { sms_notify_policies = [ local.sms_notify_policy_arn, "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ] } output "sms_notify_log_policy_name" { value = local.sms_notify_log_policy_name description = "CloudWatch log IAM policy for SMS notifications name." resource "aws_iam_role_policy_attachment" "sms_notify" { count = length(local.sms_notify_policies) role = aws_iam_role.sms_notify.name policy_arn = local.sms_notify_policies[count.index] }
src/sms_notify.py +17 −0 Original line number Diff line number Diff line import os import boto3 # pylint: disable=import-error import messagebird # pylint: disable=import-error Loading @@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"] TO_NUMBER = os.environ["TO_NUMBER"] def send_notifications(): """Check if sending SMSes is enabled.""" try: param_path = os.environ["SEND_SMS_NOTIFICATIONS_PARAM"] client = boto3.client("ssm") param = client.get_parameters_by_path( Path=param_path, recursive=False, WithDecryption=False )["Parameters"][0] return param["Value"].tolower == "true" except Exception: # pylint: disable=broad-except return True # pylint: disable=unused-argument def handler(event, context): if not send_notifications(): print("Sending notification is disabled.") return message = event["Records"][0]["Sns"]["Message"] client = messagebird.Client(MSGBIRD_ACCESS_KEY) client.message_create( Loading