
Rotates keys for moose-hf, ses_user, and the salt user

The process is documented in `AWS Notes.md`. This was done recently, but we still need
to get rid of the old second keys.

To be tagged v5.2.9
Fred Damstra [afs macbook] пре 3 година
родитељ
комит
473052038e

+ 6 - 6
base/account_standards_c2/iam.moose-hf.tf

@@ -18,23 +18,23 @@
 # We could specify a pgp_key attribute, and then the secret will be encrypted
 # in both the state file and in the output. If we used the salt PGP key,
 # no user would ever have to see the secret key.
-resource "aws_iam_access_key" "moose-hf-v1" {
+resource "aws_iam_access_key" "moose-hf-v2" {
   user = aws_iam_user.moose-hf.name
 }
 
-resource "aws_iam_access_key" "moose-hf-v2" {
+resource "aws_iam_access_key" "moose-hf-v3" {
   user = aws_iam_user.moose-hf.name
 }
 
 output "access_keys" {
   value = {
     "current" = {
-      "aws_access_key_id" : aws_iam_access_key.moose-hf-v2.id
-      "aws_secret_access_key" : aws_iam_access_key.moose-hf-v2.secret
+      "aws_access_key_id" : aws_iam_access_key.moose-hf-v3.id
+      "aws_secret_access_key" : aws_iam_access_key.moose-hf-v3.secret
     },
     "previous" = {
-      "aws_access_key_id" : aws_iam_access_key.moose-hf-v1.id
-      "aws_secret_access_key" : aws_iam_access_key.moose-hf-v1.secret
+      "aws_access_key_id" : aws_iam_access_key.moose-hf-v2.id
+      "aws_secret_access_key" : aws_iam_access_key.moose-hf-v2.secret
     }
   }
   sensitive = true
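Review bot: The retired key is only ever deleted, never deactivated first: after this apply `moose-hf-v2` stays fully usable as `previous` until the next rotation drops the block outright, so a consumer that was never migrated fails only at the moment the key disappears, with no reversible step in between. `aws_iam_access_key` accepts a `status` argument; setting `status = "Inactive"` on the previous key once the current one is confirmed in use gives a cutoff that can be undone and lets IAM "last used" data show whether anything still depends on it before deletion. The same applies to `salt-master-v2` in user.tf and `ses_access_key-v4` in ses.tf. The comment at the top of the hunk about `pgp_key` still holds after this change: `sensitive = true` hides the secret from CLI output but it remains plaintext in state. The output block's closing brace is outside the hunk.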

+ 4 - 4
base/mailrelay/ses.tf

@@ -5,12 +5,12 @@
 # add a new one (with a higher version number), and then update the output.
 
 # ses_user
-resource "aws_iam_access_key" "ses_access_key-v3" {
+resource "aws_iam_access_key" "ses_access_key-v4" {
   user     = aws_iam_user.ses_user.name
   provider = aws.ses
 }
 
-resource "aws_iam_access_key" "ses_access_key-v4" {
+resource "aws_iam_access_key" "ses_access_key-v5" {
   user     = aws_iam_user.ses_user.name
   provider = aws.ses
 }
@@ -31,11 +31,11 @@ resource "aws_iam_access_key" "ses_access_key-v4" {
 #}
 
 output "ses_user_smtp_username" {
-  value = aws_iam_access_key.ses_access_key-v4.id
+  value = aws_iam_access_key.ses_access_key-v5.id
 }
 
 output "ses_user_smtp_password" {
-  value     = aws_iam_access_key.ses_access_key-v4.ses_smtp_password_v4
+  value     = aws_iam_access_key.ses_access_key-v5.ses_smtp_password_v4
   sensitive = true
 }
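Review bot: `ses_smtp_password_v4` on the new password line looks as if it lagged the `-v5` rename, but the `_v4` suffix is the provider's SigV4-derived SMTP password attribute, not a key version, and nothing in the file says so; the next rotation is likely to "fix" it. A comment on that line would prevent it: `# _v4 is the SigV4 SMTP password derivation, not the key version`. It is also worth stating next to `ses_user_smtp_username` that leaving it non-sensitive is deliberate (the SMTP username is the access key id, which is not secret on its own), since the adjacent password output is marked sensitive and the asymmetry reads like an omission.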
 

+ 6 - 6
base/salt_master_inventory_role/user.tf

@@ -15,12 +15,12 @@ locals {
   user_count    = local.is_commercial && local.is_c2 ? 1 : 0
 }
 
-resource "aws_iam_access_key" "salt-master-v1" {
+resource "aws_iam_access_key" "salt-master-v2" {
   count = local.user_count
   user  = aws_iam_user.salt-master[count.index].name
 }
 
-resource "aws_iam_access_key" "salt-master-v2" {
+resource "aws_iam_access_key" "salt-master-v3" {
   count = local.user_count
   user  = aws_iam_user.salt-master[count.index].name
 }
@@ -29,12 +29,12 @@ output "access_keys" {
   # Only output the keys if there _are_ keys
   value = local.user_count == 0 ? null : {
     "current" = {
-      "aws_access_key_id" : aws_iam_access_key.salt-master-v2[0].id
-      "aws_secret_access_key" : aws_iam_access_key.salt-master-v2[0].secret
+      "aws_access_key_id" : aws_iam_access_key.salt-master-v3[0].id
+      "aws_secret_access_key" : aws_iam_access_key.salt-master-v3[0].secret
     },
     "previous" = {
-      "aws_access_key_id" : aws_iam_access_key.salt-master-v1[0].id
-      "aws_secret_access_key" : aws_iam_access_key.salt-master-v1[0].secret
+      "aws_access_key_id" : aws_iam_access_key.salt-master-v2[0].id
+      "aws_secret_access_key" : aws_iam_access_key.salt-master-v2[0].secret
     }
   }
   sensitive = true
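Review bot: This hunk reads as a pair of renames, but Terraform matches by address, so `salt-master-v2` keeps its existing key while `salt-master-v1` is destroyed and `salt-master-v3` is created; that is exactly what keeps the rotation non-disruptive, and the same holds for the hunks in iam.moose-hf.tf. It only works if nobody "helps" with `terraform state mv` or a `moved` block, which would carry the old key forward under the new name and leave the supposedly rotated credential live, so a comment above the two resources is warranted, e.g. `# Rotation: delete the oldest -vN block and add a new one; do not rename or state-mv, the retained address must keep its key`. ses.tf carries a process comment at the top of its hunk; if user.tf has none above file line 15 (outside this hunk), this is where it belongs. The `output "access_keys"` block's closing brace lies outside the hunk.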