cds-snc / notification-planning-core

Project planning for GC Notify Core Team

Test the short code #279

Open sastels opened 5 months ago

sastels commented 5 months ago

Description

As a Notify developer, I need to test whether Notify will work with the short code

WHY are we building?

Want to be confident that we can use the short code

WHAT are we building?

Use the short code for sending SMS for one fixed (test) service

VALUE created by our solution

We'll know if we can use the short code

Acceptance Criteria

Given some context, when (X) action occurs, then (Y) outcome is achieved.

QA Steps

jimleroyer commented 5 months ago

Good news 🕺

We can assign a service to our short code and it will send it successfully without modifications.

Bad news 🤕

As our short code is currently sitting with our pool of long codes, it means that it is being used to send SMS of all sorts, i.e. non-2FA.

Next steps 🐾

There are mitigations to avoid our SMS code being used by all services, which vary by implementation effort. I need to contact AWS to check about one which I hope could be a quick solution but would be undocumented.

Among solutions:

  1. Create a phone pool in AWS Pinpoint for regular long codes that are unassigned and discard our short code. Pass in the pool to use in the message attribute when sending to botocore SNS API. It does not seem like they support this attribute through this API unfortunately so I don't have high hopes, because phone pools are a Pinpoint feature. I will ask AWS support about it. Ask if we can select a phone number via tagging too.
  2. Create a phone pool in AWS Pinpoint for regular long codes that are unassigned and discard our short code. Resurrect the Pinpoint implementation to send SMS and leverage the botocore Pinpoint API to send messages identified with a specific phone pool.
  3. Implement a pool feature of our own with all phone numbers we got. This option would give us more flexibility and much improved monitoring. We could decide exactly which code sends which SMS and of the round robin strategy to favor. Also one that would require most changes and take time. We could host the list of pools ourselves or retrieve by tag or pool from AWS.
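
A sketch of option 3 from the comment above, added here as an illustration; it is not GC Notify code and not part of the thread. The class name `SenderPool`, the service ids, the sample numbers, and the rule that only allow-listed (for example 2FA) services get the short code are all assumptions.

```python
from itertools import cycle

# Constructed sample numbers, not real origination numbers.
SHORT_CODE = "12345"
LONG_CODES = ["+15550100001", "+15550100002", "+15550100003"]


class SenderPool:
    """Pick the origination number for each outgoing SMS.

    Assumption: services allowed to use the short code are listed
    explicitly; every other service rotates over the long codes.
    """

    def __init__(self, short_code, long_codes, short_code_services):
        if not long_codes:
            raise ValueError("at least one long code is required")
        if short_code in long_codes:
            # The situation reported in the thread: the short code sits in
            # the shared pool and ends up sending every kind of SMS.
            raise ValueError("short code must not be in the long-code pool")
        self._short_code = short_code
        self._short_code_services = frozenset(short_code_services)
        self._round_robin = cycle(list(long_codes))
        self.sent_by = {}  # number -> message count, for monitoring

    def pick(self, service_id):
        """Return the number that should send this service's next SMS."""
        if service_id in self._short_code_services:
            number = self._short_code
        else:
            number = next(self._round_robin)
        self.sent_by[number] = self.sent_by.get(number, 0) + 1
        return number


def demo():
    """Route one 2FA message and four general messages; return the picks."""
    pool = SenderPool(SHORT_CODE, LONG_CODES, {"svc-2fa"})
    picks = [pool.pick("svc-2fa")]
    picks += [pool.pick("svc-newsletter") for _ in range(4)]
    return picks, pool.sent_by


if __name__ == "__main__":
    print(demo())
```

The per-number counter is the monitoring hook: a non-zero count on the short code from a service outside the allow-list cannot occur, and an unexpectedly high count on it is visible immediately.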

jimleroyer commented 5 months ago

I sent a support ticket to AWS asking for our options.

This ticket per se can be considered done per its AC. I will move it to QA and let the kanban master decide its fate.

ben851 commented 5 months ago

@ben851 to QA

jimleroyer commented 5 months ago

service using the short code JLR - Short code test | Test petit code

ben851 commented 5 months ago

QA complete - test message to self worked and confirmed it came from short code