# vi: ft=tf
variable "messagebird_access_key" { variable "messagebird_access_key" {
description = "MessageBird API access key." description = "MessageBird API access key."
sensitive = true sensitive = true
} }
# It would have been nicer to buy the phone number with Terraform and the variable "send_sms_notifications" {
# Twilio provider. unfortunately the sign up for the provider is closed right default = true
# now. So instead the friendly name, that's something. description = "Whether or not to send SMS notifications."
variable "twilio_from_number" { type = bool
default = "AmILive" }
description = "Twilio from phone number."
output "send_sms_notifications" {
description = "Whether or not to send SMS notifications."
value = var.send_sms_notifications
}
resource "aws_ssm_parameter" "send_sms_notifications" {
name = "${local.module}/${local.env}/send_sms_notifications"
type = "String"
value = tostring(var.send_sms_notifications)
} }
resource "aws_lambda_function" "sms_notify" { resource "aws_lambda_function" "sms_notify" {
...@@ -18,26 +29,27 @@ resource "aws_lambda_function" "sms_notify" { ...@@ -18,26 +29,27 @@ resource "aws_lambda_function" "sms_notify" {
# checkov:skip=CKV_AWS_173 # checkov:skip=CKV_AWS_173
runtime = var.runtime runtime = var.runtime
function_name = "${local.function_name_prefix}-sms-notify" function_name = "${local.function_name_prefix}-sms-notify"
role = local.lambda_role_arn role = aws_iam_role.sms_notify.arn
source_code_hash = filebase64sha256("payload.zip") source_code_hash = filebase64sha256("payload.zip")
s3_bucket = local.payloads_bucket_name s3_bucket = local.payloads_bucket_name
s3_key = local.payload_object_name s3_key = local.payload_object_name
s3_object_version = local.payload_object_version s3_object_version = local.payload_object_version
package_type = "Zip" package_type = "Zip"
handler = "sms_notify.handler" handler = "sms_notify.handler"
description = "Send SMS message notification using Twilio." description = "Send SMS message notification using MessageBird."
memory_size = var.memory_size memory_size = var.memory_size
reserved_concurrent_executions = -1 reserved_concurrent_executions = -1
timeout = var.timeout timeout = var.timeout
environment { environment {
variables = { variables = {
ENV = local.env ENV = local.env
MODULE = local.module MODULE = local.module
TOPIC_ARN = local.topic_arn TOPIC_ARN = local.topic_arn
VERSION = local.payload_object_version VERSION = local.payload_object_version
MSGBIRD_ACCESS_KEY = var.messagebird_access_key MSGBIRD_ACCESS_KEY = var.messagebird_access_key
TO_NUMBER = local.my_phone_number TO_NUMBER = local.my_phone_number
SEND_SMS_NOTIFICATIONS_PARAM = aws_ssm_parameter.send_sms_notifications.name
} }
} }
...@@ -138,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" { ...@@ -138,28 +150,56 @@ data "aws_iam_policy_document" "sms_notify" {
resources = [local.sms_notify_log_group_arn, ] resources = [local.sms_notify_log_group_arn, ]
} }
statement {
effect = "Allow"
actions = [
"ssm:GetParametersByPath",
]
resources = [aws_ssm_parameter.send_sms_notifications.arn]
}
} }
locals { locals {
sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json sms_notify_log_policy_doc = data.aws_iam_policy_document.sms_notify.json
} }
resource "aws_iam_policy" "sms_notify_log" { resource "aws_iam_policy" "sms_notify" {
name = "${local.module}-${local.env}-sms-notify-log" name = "${local.module}-${local.env}-sms-notify"
policy = local.sms_notify_log_policy_doc policy = local.sms_notify_log_policy_doc
} }
locals { locals {
sms_notify_log_policy_arn = aws_iam_policy.log.arn sms_notify_policy_arn = aws_iam_policy.log.arn
sms_notify_log_policy_name = aws_iam_policy.log.name sms_notify_policy_name = aws_iam_policy.log.name
}
output "sms_notify_policy_arn" {
value = local.sms_notify_policy_arn
description = "AM policy for SMS notifications ARN."
}
output "sms_notify_policy_name" {
value = local.sms_notify_policy_name
description = "IAM policy for SMS notifications name."
}
resource "aws_iam_role" "sms_notify" {
name = "${local.name}-sms-notify"
assume_role_policy = local.lambda_assume_policy_doc
} }
output "sms_notify_log_policy_arn" { locals {
value = local.sms_notify_log_policy_arn sms_notify_policies = [
description = "CloudWatch log IAM policy for SMS notifications ARN." local.sms_notify_policy_arn,
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
]
} }
output "sms_notify_log_policy_name" { resource "aws_iam_role_policy_attachment" "sms_notify" {
value = local.sms_notify_log_policy_name count = length(local.sms_notify_policies)
description = "CloudWatch log IAM policy for SMS notifications name." role = aws_iam_role.sms_notify.name
policy_arn = local.sms_notify_policies[count.index]
} }
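Review bot: The new `ssm:GetParametersByPath` statement (the block ending at `resources = [aws_ssm_parameter.send_sms_notifications.arn]`) is added to `aws_iam_policy.sms_notify`, but the renamed locals still read `sms_notify_policy_arn = aws_iam_policy.log.arn` and `sms_notify_policy_name = aws_iam_policy.log.name`, so `sms_notify_policies` attaches `aws_iam_policy.log` to the new `aws_iam_role.sms_notify` and the policy carrying the SSM grant is created but never attached; change the two locals to `aws_iam_policy.sms_notify.arn` / `aws_iam_policy.sms_notify.name` (unless `aws_iam_policy.log` is deliberately meant to be attached here too, which this diff does not show). Because `send_notifications()` in the handler wraps the SSM call in a broad `except Exception` that returns `True`, the resulting AccessDenied fails open and the kill switch never disables sending — at minimum document that with `# NOTE: any lookup error fails open (SMS still sent)`, or make that branch fail closed. Separately, the handler passes the full parameter name as `Path` to `get_parameters_by_path`, whereas the policy is scoped to that exact parameter ARN; as far as I can tell `GetParametersByPath` returns the parameters *under* a hierarchy rather than the parameter named by it (and the name `${local.module}/${local.env}/...` has no leading `/`, which SSM normally requires for hierarchical names), so `actions = ["ssm:GetParameter"]` paired with `get_parameter(Name=...)` is both the matching least-privilege action and the call that actually returns this value. The MessageBird key is still injected as a plain Lambda environment variable (`MSGBIRD_ACCESS_KEY = var.messagebird_access_key`), which exposes it in the function configuration and in Terraform state; since this change already introduces an SSM lookup from the handler, a SecureString parameter read with `WithDecryption=True` would be a natural follow-up.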
import os import os
import boto3 # pylint: disable=import-error
import messagebird # pylint: disable=import-error import messagebird # pylint: disable=import-error
...@@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"] ...@@ -6,8 +7,24 @@ MSGBIRD_ACCESS_KEY = os.environ["MSGBIRD_ACCESS_KEY"]
TO_NUMBER = os.environ["TO_NUMBER"] TO_NUMBER = os.environ["TO_NUMBER"]
def send_notifications():
"""Check if sending SMSes is enabled."""
try:
param_path = os.environ["SEND_SMS_NOTIFICATIONS_PARAM"]
client = boto3.client("ssm")
param = client.get_parameters_by_path(
Path=param_path, recursive=False, WithDecryption=False
)["Parameters"][0]
return param["Value"].tolower == "true"
except Exception: # pylint: disable=broad-except
return True
# pylint: disable=unused-argument # pylint: disable=unused-argument
def handler(event, context): def handler(event, context):
if not send_notifications():
print("Sending notification is disabled.")
return
message = event["Records"][0]["Sns"]["Message"] message = event["Records"][0]["Sns"]["Message"]
client = messagebird.Client(MSGBIRD_ACCESS_KEY) client = messagebird.Client(MSGBIRD_ACCESS_KEY)
client.message_create( client.message_create(
......