add SMS Notifications files not included on first feature commit

Author: jrpbc

infra/modules/notifications-phone-pool/resources/main.tf

@@ -28,6 +28,7 @@ locals {
 # CloudFormation stack for SMS phone pool and phone number
 # Every phone pool must have at least one phone number, so we create both resources in the same stack.
 resource "aws_cloudformation_stack" "sms_phone_pool" {
+  # checkov:skip=CKV_AWS_124: CloudFormation stack event notifications via SNS not required; stack lifecycle is managed by Terraform and errors surface through Terraform output.
   name = "${var.name}-phone-pool"
 
   timeout_in_minutes = 5

infra/modules/notifications-sms/resources/main.tf

@@ -106,6 +106,7 @@ resource "aws_iam_role_policy" "sms_logging_permissions" {
 
 # CloudFormation stack for SMS configuration set
 resource "aws_cloudformation_stack" "sms_config_set" {
+  # checkov:skip=CKV_AWS_124: CloudFormation stack event notifications via SNS not required; stack lifecycle is managed by Terraform and errors surface through Terraform output.
   name = "${var.name}-config-set"
 
   # Use a dedicated service role for CloudFormation operations

infra/networks/main.tf.jinja

@@ -48,6 +48,9 @@ locals {
 
   # Whether any of the applications in the network has enabled notifications
   enable_notifications = anytrue([for app in local.apps_in_network : app.enable_notifications])
+
+  # Whether any of the applications in the network has enabled SMS notifications
+  enable_sms_notifications = anytrue([for app in local.apps_in_network : app.enable_sms_notifications])
 }
 
 terraform {

infra/project-config/aws_services.tf

@@ -107,8 +107,5 @@ locals {
 
     // AWS WAF v2 – An updated web application firewall service for filtering and securing traffic.
     "wafv2",
-
-    // AWS CloudFormation – Provides infrastructure as code for deploying and managing AWS resources. Used to manage resources that don't have adequate native Terraform support.
-    "cloudformation",
   ]
 }

infra/{{app_name}}/app-config/dev.tf

@@ -11,6 +11,7 @@ module "dev_config" {
   has_incident_management_service = local.has_incident_management_service
   enable_notifications            = local.enable_notifications
   enable_document_data_extraction = local.enable_document_data_extraction
+  enable_sms_notifications        = local.enable_sms_notifications
 
   # Enable and configure identity provider.
   enable_identity_provider = local.enable_identity_provider

infra/{{app_name}}/app-config/env-config/notifications.tf

@@ -15,4 +15,17 @@ locals {
     # Configure the REPLY-TO email address if it should be different from the sender.
     reply_to_email = "notifications@${var.domain_name}"
   } : null
+  sms_config = var.enable_sms_notifications ? {
+    # SMS configuration name.
+    name = "${var.app_name}-${var.environment}-sms"
+
+    # Type of SMS number to use: "LONG_CODE", "TOLL_FREE". For more information,
+    # see https://docs.aws.amazon.com/sms-voice/latest/userguide/phone-number-types.html.
+    sms_number_type = var.sms_number_type
+
+    # The AWS End User Messaging Service (EUMS) registration ID to use to provision the sender phone number.
+    # This is the registration ID provided by AWS when registering the phone number.
+    sms_sender_phone_number_registration_id = var.sms_sender_phone_number_registration_id
+
+  } : null
 }

infra/{{app_name}}/app-config/env-config/outputs.tf

@@ -34,6 +34,10 @@ output "notifications_config" {
   value = local.notifications_config
 }
 
+output "sms_config" {
+  value = local.sms_config
+}
+
 output "storage_config" {
   value = {
     # Include project name in bucket name since buckets need to be globally unique across AWS

infra/{{app_name}}/app-config/env-config/variables.tf

@@ -43,6 +43,24 @@ variable "enable_identity_provider" {
   default     = false
 }
 
+variable "enable_sms_notifications" {
+  type        = bool
+  description = "Enables SMS notifications"
+  default     = false
+}
+
+variable "sms_number_type" {
+  type        = string
+  description = "The type of phone number to use for SMS notifications. Must be either 'LONG_CODE', 'TOLL_FREE', 'TEN_DLC', or 'SIMULATOR'."
+  default     = null
+}
+
+variable "sms_sender_phone_number_registration_id" {
+  type        = string
+  description = "The registration ID for the phone number to use as the sender in SMS messages. This value is obtain in AWS and the registration must be in APPROVED or COMPLETE status to be linked."
+  default     = null
+}
+
 variable "enable_notifications" {
   type        = bool
   description = "Enables notifications"

infra/{{app_name}}/app-config/main.tf

@@ -43,6 +43,13 @@ locals {
   # 2. Sets up IAM permissions for the application to send emails
   enable_notifications = false
 
+  # Whether or not the application should enable SMS notifications via AWS End User Messaging.
+  # If enabled:
+  # 1. Creates AWS End User Messaging SMS configuration set
+  # 2. Sets up IAM permissions for SMS sending
+  # 3. Configures SMS delivery tracking and opt-out management
+  enable_sms_notifications = false
+
   # Whether or not the application should enable WAF for the load balancer.
   # If enabled:
   # 1. Creates an AWS WAF web ACL with AWSManagedRulesCommonRuleSet

infra/{{app_name}}/app-config/outputs.tf

@@ -38,6 +38,10 @@ output "enable_notifications" {
   value = local.enable_notifications
 }
 
+output "enable_sms_notifications" {
+  value = local.enable_sms_notifications
+}
+
 output "enable_waf" {
   value = local.enable_waf
 }