Update infra-app app to version v0.13.0-63-g697aac4

.template-infra/app-app.yml

@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.12.6-61-g7053f3d
+_commit: v0.13.0-63-g697aac4
 _src_path: ../template-infra
 app_has_dev_env_setup: true
 app_local_port: 3000

infra/app/app-config/dev.tf

@@ -9,6 +9,7 @@ module "dev_config" {
   enable_https                    = false
   has_database                    = local.has_database
   has_incident_management_service = local.has_incident_management_service
+  enable_notifications            = local.enable_notifications
 
   # Enable and configure identity provider.
   enable_identity_provider = local.enable_identity_provider

infra/app/app-config/env-config/notifications.tf

@@ -1,16 +1,18 @@
 # Notifications configuration
 locals {
   notifications_config = var.enable_notifications ? {
-    # Set to an SES-verified email address to be used when sending emails.
-    # Docs: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
-    sender_email = null
+    # Pinpoint app name.
+    name = "${var.app_name}-${var.environment}"
 
-    # Configure the name that users see in the "From" section of their inbox, so that it's
-    # clearer who the email is from.
+    # Configure the name that users see in the "From" section of their inbox,
+    # so that it's clearer who the email is from.
     sender_display_name = null
 
+    # Set to the email address to be used when sending emails.
+    # If enable_notifications is true, this is required.
+    sender_email = "notifications@${var.domain_name}"
+
     # Configure the REPLY-TO email address if it should be different from the sender.
-    # Note: Only used by the identity-provider service.
-    reply_to_email = null
+    reply_to_email = "notifications@${var.domain_name}"
   } : null
 }

infra/app/app-config/main.tf

@@ -31,8 +31,9 @@ locals {
   enable_identity_provider = false
 
   # Whether or not the application should deploy a notification service
-  # Note: This is not yet ready for use.
-  # TODO(https://github.com/navapbc/template-infra/issues/567)
+  # If enabled:
+  # 1. Creates an AWS Pinpoint application
+  # 2. Configures email notifications using AWS SES
   enable_notifications = false
 
   environment_configs = {

infra/app/app-config/outputs.tf

@@ -30,6 +30,10 @@ output "enable_identity_provider" {
   value = local.enable_identity_provider
 }
 
+output "enable_notifications" {
+  value = local.enable_notifications
+}
+
 output "shared_network_name" {
   value = local.shared_network_name
 }

infra/app/app-config/prod.tf

@@ -10,6 +10,7 @@ module "prod_config" {
   has_database                    = local.has_database
   has_incident_management_service = local.has_incident_management_service
   enable_identity_provider        = local.enable_identity_provider
+  enable_notifications            = local.enable_notifications
 
   # These numbers are a starting point based on this article
   # Update the desired instance size and counts based on the project's specific needs

infra/app/app-config/staging.tf

@@ -10,6 +10,7 @@ module "staging_config" {
   has_database                    = local.has_database
   has_incident_management_service = local.has_incident_management_service
   enable_identity_provider        = local.enable_identity_provider
+  enable_notifications            = local.enable_notifications
 
   # Enables ECS Exec access for debugging or jump access.
   # See https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html

infra/app/service/main.tf

@@ -182,6 +182,7 @@ module "service" {
       BUCKET_NAME = local.storage_config.bucket_name
     },
     local.identity_provider_environment_variables,
+    local.notifications_environment_variables,
     local.service_config.extra_environment_variables
   )
 

infra/app/service/notifications.tf

@@ -0,0 +1,44 @@
+locals {
+  # If this is a temporary environment, re-use an existing email identity. Otherwise, create a new one.
+  domain_identity_arn = module.app_config.enable_notifications ? (
+    !local.is_temporary ?
+    module.notifications_email_domain[0].domain_identity_arn :
+    module.existing_notifications_email_domain[0].domain_identity_arn
+  ) : null
+  notifications_environment_variables = module.app_config.enable_notifications ? {
+    AWS_PINPOINT_APP_ID       = module.notifications[0].app_id,
+    AWS_PINPOINT_SENDER_EMAIL = local.notifications_config.sender_email
+  } : {}
+  notifications_app_name = module.app_config.enable_notifications ? "${local.prefix}${local.notifications_config.name}" : ""
+}
+
+# If the app has `enable_notifications` set to true AND this is not a temporary
+# environment, then create a email notification identity.
+module "notifications_email_domain" {
+  count  = module.app_config.enable_notifications && !local.is_temporary ? 1 : 0
+  source = "../../modules/notifications-email-domain/resources"
+
+  domain_name = local.service_config.domain_name
+}
+
+# If the app has `enable_notifications` set to true AND this *is* a temporary
+# environment, then create a email notification identity.
+module "existing_notifications_email_domain" {
+  count  = module.app_config.enable_notifications && local.is_temporary ? 1 : 0
+  source = "../../modules/notifications-email-domain/data"
+
+  domain_name = local.service_config.domain_name
+}
+
+# If the app has `enable_notifications` set to true, create a new email notification
+# AWS Pinpoint app for the service. A new app is created for all environments, including
+# temporary environments.
+module "notifications" {
+  count  = module.app_config.enable_notifications ? 1 : 0
+  source = "../../modules/notifications/resources"
+
+  name                = local.notifications_app_name
+  domain_identity_arn = local.domain_identity_arn
+  sender_display_name = local.notifications_config.sender_display_name
+  sender_email        = local.notifications_config.sender_email
+}