Add notifications-sms module to support SMS notifications

[jrpbc]

Ticket

Resolves #976

Changes

What was added, updated, or removed in this PR.

- Implements PinpointSMSVoiceV2 service resources
- Supports SMS configuration sets and opt-out lists
- Includes VPC endpoint for secure connectivity
- Provides IAM policies for SMS sending permissions
- Supports delivery receipt logging to CloudWatch

Context for reviewers

Testing instructions, background context, more in-depth details of the implementation, and anything else you'd like to call out or ask reviewers.

Testing

Provide evidence that the code works as expected. Explain what was done for testing and the results of the test plan. Include screenshots, GIF demos, shell commands or output to help show the changes working as expected. ProTip: you can drag and drop or paste images into this textbox.

Waiting for AWS to approve requested phone number +18665684902.

• Performed basic validation which includes:
  • Go to /sms-notifications -> use AWS provided receiver phone number +14254147755 (This phone number is for successful messages test); validated Cloudwatch logs for message success (TEXT_SUCCESS status)
  • Go to /sms-notifications -> use AWS provided receiver phone number +14254147167 (This phone number is for failure messages test); validated Cloudwatch logs for message failure (TEXT_BLOCKED status)

Preview environment for app-nextjs

• Service endpoint: https://p-256-app-nextjs-dev-688529323.us-east-1.elb.amazonaws.com
• Deployed commit: 599b06a

Preview environment for app

• Service endpoint: https://p-256-app-dev-1261677609.us-east-1.elb.amazonaws.com
• Deployed commit: 599b06a

Preview environment for app-flask

• Service endpoint: https://p-256-app-flask-dev-80272150.us-east-1.elb.amazonaws.com
• Deployed commit: b01e304

Preview environment for app-rails

• Service endpoint: https://p-256-app-rails-dev-24845359.us-east-1.elb.amazonaws.com
• Deployed commit: 599b06a

[doshitan]

This feels a little complex. Can you update the tech spec with tradeoffs/rationale and future considerations around some of the decisions? It looks like it's been updated a little bit, but a lot of context feels missing.

In particular, the "simulator" stuff doesn't feel very useful. Can we drop it?

[jrpbc]

Updated Tech Specs with: All Considerations; Implementation Options considered.

[doshitan]

Is it not possible to get this value from the created resource directly?

[jrpbc]

Due to the use of CloudFormation (via aws_cloudformation_stack) and the inability to fully control the timing of its execution, I was intermittently encountering the following error:
`Error: Provider produced inconsistent final plan

When expanding the plan for module.notifications_sms[0].aws_cloudformation_stack.sms_config_set to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .outputs: was known, but now unknown.
`
With the use of Terraform "data" here allows us to better control the timing and sequence of execution for the CloudFormation stack, preventing the provider from re-evaluating stack outputs in an inconsistent state and eliminating the intermittent plan inconsistency error.

[doshitan]

A few notes mostly around docs and some cleanup. But I think we are good to create the template PR.

[doshitan]

I think we can make this a select element populated by the rendering endpoint, with only the predefined simulator numbers by default.

(longer term we should probably better lock down the email testing endpoint as well, we don't really want to be a vehicle to spam people)

[jrpbc]

Restricting this to the simulator numbers here will prevent from testing approved phone numbers. I added an extra message to this form, specifying the phone numbers that can be used for testing if using simulator phone number as originator.

[doshitan]

The default in the template PR should be false.

[jrpbc]

Applied change

[doshitan]

Suggested change

	#SMS environment variables for notifications-sms module
	# SMS environment variables for notifications-sms module

[jrpbc]

Applied change

[doshitan]

Suggested change

	AWS Allows to use **simulator** phone numbers as originator to send text. This simulator phone numbers are only allowed to send SMS text to:
	AWS Allows to use **simulator** phone numbers as originator to send text. This simulator phone numbers are only allowed to send SMS text to:

[jrpbc]

Applied change

[doshitan]

Can we point to the above Simulator Phone Numbers section rather than duplicating?

[jrpbc]

Applied change

[doshitan]

Suggested change

	In sandbox environments, you can only send SMS to up to 10 verified phone numbers. Steps to register destination phone numbers:
	In sandbox environments, you can only send SMS to up to 10 verified phone numbers. Steps to register destination phone numbers:

[jrpbc]

Applied change

[doshitan]

All provisioned originating phone numbers require a AWS End User Messaging Registration form to be completed

Still makes it sound like every phone number will need a registration form completed at first glance. Can we clarify?

Suggested change

	1. **AWS End User Messaging SMS Registration**: All provisioned originating phone numbers require a AWS End User Messaging Registration form to be completed in the AWS End User Messaging Service, and approved by the AWS phone carrier. Without an approved Registration, originating phone numbers cannot be provisioned.
	1. **AWS End User Messaging SMS Registration**: All provisioned originating phone numbers require a AWS End User Messaging Registration form to be completed in the AWS End User Messaging Service, and approved by the AWS phone carrier. Without an approved Registration, originating phone numbers cannot be provisioned.

[jrpbc]

Changed the description of the AWS End User Messaging Registration and its purpose and process

[doshitan]

Suggested change

	### 3. Deploy SMS notification infrastructure
	### 3. Deploy SMS notification infrastructure

[doshitan]

Suggested change

	### 1. Verify Destination Numbers (Sandbox Accounts)
	### 1. Verify Destination Numbers (Sandbox Accounts)

[doshitan]

The specific environments will vary by project, can we just point back up to the "Configure SMS settings" section?

[doshitan]

Suggested change

	- Phone numbers must be provisioned by AWS through the End User Messaging service. You cannot bring existing phone numbers from other carriers or services.
	- Phone numbers must be provisioned by AWS through the End User Messaging service. You cannot bring existing phone numbers from other carriers or services.

[doshitan]

Suggested change

	**Important Regional Considerations:**
	**Important Considerations:**

[doshitan]

These feel like sub-points/clarifications of the first one, so indent?

Suggested change

	- You must create separate registrations for each AWS region where you plan to send SMS
	- Phone numbers provisioned in one region cannot be used in other regions
	- You must create separate registrations for each AWS region where you plan to send SMS
	- Phone numbers provisioned in one region cannot be used in other regions

[doshitan]

Suggested change

	- Registration and phone numbers are region-specific
	- Registrations and phone numbers are region-specific

[doshitan]

Suggested change

	#!/bin/bash
	#!/usr/bin/env bash

[doshitan]

For formatting standards.

Suggested change

	REGION="${1}"
	# Get first available pool without filtering by name
	QUERY="Pools[0].{PoolId:PoolId,PoolArn:PoolArn}"
	# List SMS phone pools using AWS CLI with specified region
	pools=$(aws pinpoint-sms-voice-v2 describe-pools \
	--region "$REGION" \
	--query "$QUERY" \
	--output json 2>/dev/null || echo '{}')
	# Check if any pools were found
	if [[ "$pools" == "{}" ]] || [[ "$pools" == "null" ]]; then
	echo '{"pool_id":"","pool_arn":"","exists":"false"}'
	exit 0
	fi
	# Extract pool details
	pool_id=$(echo "$pools" | jq -r '.PoolId // ""')
	pool_arn=$(echo "$pools" | jq -r '.PoolArn // ""')
	# Validate that we have valid pool data
	if [[ "$pool_id" == "" ]] || [[ "$pool_id" == "null" ]]; then
	echo '{"pool_id":"","pool_arn":"","exists":"false"}'
	else
	echo "{\"pool_id\":\"$pool_id\",\"pool_arn\":\"$pool_arn\",\"exists\":\"true\"}"
	fi
	# Get region parameter (always provided by Terraform)
	region="${1}"
	# Get first available pool without filtering by name
	query="Pools[0].{PoolId:PoolId,PoolArn:PoolArn}"
	# List SMS phone pools using AWS CLI with specified region
	pools=$(aws pinpoint-sms-voice-v2 describe-pools \
	--region "${region}" \
	--query "${query}" \
	--output json 2>/dev/null || echo '{}')
	# Check if any pools were found
	if [[ "${pools}" == "{}" ]] || [[ "${pools}" == "null" ]]; then
	echo '{"pool_id":"","pool_arn":"","exists":"false"}'
	exit 0
	fi
	# Extract pool details
	pool_id=$(echo "${pools}" | jq -r '.PoolId // ""')
	pool_arn=$(echo "${pools}" | jq -r '.PoolArn // ""')
	# Validate that we have valid pool data
	if [[ -z "${pool_id}" ]] || [[ "${pool_id}" == "null" ]]; then
	echo '{"pool_id":"","pool_arn":"","exists":"false"}'
	else
	echo "{\"pool_id\":\"${pool_id}\",\"pool_arn\":\"${pool_arn}\",\"exists\":\"true\"}"
	fi

[doshitan]

The script looks to only grab the first phone pool in a region? So the name doesn't feel quite right being plural, maybe more find-an-existing-pool.sh?