How to whitelist specific phone numbers within SNS's SMS service while in production mode
Situation
I have non-prod and prod accounts. The app uses the SMS functionality to validate/authenticate users via a Cognito User Pool (Custom Auth Flow) by sending an OTP to the mobile number. While testing the SMS sending functionality in non-prod, I am in sandbox mode. Here I have a specific quota and also restrictions on who I can send OTP SMS to (via the sandbox feature). Once in prod, I need to request that the prod account be moved out of the sandbox.
Problem
Being in prod will open up the possibility to send OTP to all the numbers in the world as long as the quota is not increased. But I may want to blacklist certain numbers / countries. I am unable to find a way to configure something like that. Is there any way I can configure this?
Attempts so far
- I have tried Googling and going through some Stack Overflow posts. They do not address this specific issue.
- I have tried logging several AWS support tickets and got completely irrelevant answers.
- I looked into the AWS documentation and it covers functionality where users can "opt out" from the messages. However, this is not applicable in our case. We are not subscribing to the topic or sending marketing emails. We are using SNS to call send SMS APIs for OTP, once the user logs into the mobile application. But I still want to control and maintain blacklist/whitelist numbers.
You can prevent SMSs from being sent to certain phone numbers by raising an exception in the custom message Lambda trigger. In the Lambda you can query, for example, a DynamoDB table that holds your list of non-allowed emails/phones and decide whether to throw the exception or not.
A common practice is also to use Cognito itself as a store for the disallowed phone numbers and email addresses. If you specify that these aliases have to be unique per user, Cognito will prevent the same phone numbers and email addresses from being used for new sign-ups and email address / phone number changes. The only thing you want to do when setting a user to disallowed is set some attribute on the user in the Cognito User Pool that you recognize in the pre-authentication Lambda, where you can throw an exception preventing them from logging in.
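The check this answer describes, as an added sketch that is not part of the original post: a Cognito Lambda trigger that normalizes the phone number, applies a per-number deny list plus country-prefix rules, and raises before any SMS is sent. The in-memory sets stand in for the DynamoDB table (its layout is not given on this page), and all names and sample numbers are constructed.

```python
import re

# Constructed sample policy. In a deployment these values would be loaded from
# the DynamoDB table mentioned in the answer (assumption: table layout unknown).
BLOCKED_NUMBERS = {"+15550100123"}
BLOCKED_PREFIXES = ("+999",)       # constructed prefix, not a real country code
ALLOWED_PREFIXES = ("+1", "+45")   # empty tuple means "all countries allowed"

E164 = re.compile(r"^\+[1-9]\d{6,14}$")


def deny_reason(raw):
    """Return None if the number may receive an SMS, else a reason for the logs."""
    # Normalize first so "+1 (555) 010-0123" cannot slip past an exact-match list.
    number = re.sub(r"[\s\-().]", "", raw or "")
    if not E164.match(number):
        return "not E.164"             # fail closed on missing or malformed input
    if number in BLOCKED_NUMBERS:
        return "number blocked"
    if number.startswith(BLOCKED_PREFIXES):
        return "country blocked"
    if ALLOWED_PREFIXES and not number.startswith(ALLOWED_PREFIXES):
        return "country not allowed"
    return None


def lambda_handler(event, context):
    # Cognito triggers carry the user's attributes under request.userAttributes.
    attrs = event.get("request", {}).get("userAttributes", {})
    reason = deny_reason(attrs.get("phone_number"))
    if reason is not None:
        # Log the specific reason; return a generic message so the caller
        # cannot tell which rule matched.
        print(f"SMS denied: {reason}")
        raise Exception("SMS delivery is not permitted for this number")
    return event  # Cognito expects the event object back on success
```

The same `deny_reason` check can be called from whichever trigger actually sends the OTP in a custom auth flow, so the rule is enforced before the SNS publish call.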
Not sure, but think about EventBridge/Lambda/S3.