Add SigV4 for SES SMTP passwords

[n3ph]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

As SigV2 is deprecated and replaced by SigV4 the used signature algorithm should be updated. Since the new algorithm intends to sign a password for a specific AWS region it should be possible to get signed SES SMTP passwords per defined region.

affected Resource

• aws_iam_access_key

Potential Terraform Configuration

resource "aws_iam_user" "test" {
  name = "test"
  path = "/test/"
}

resource "aws_iam_access_key" "test" {
  user             = aws_iam_user.test.name
  ses_smtp_regions = ["eu-central-1", "us-east-1"]
}

output "aws_iam_smtp_password_eu_central_1" {
  value = [for ses_smtp_password in aws_iam_access_key.test.ses_smtp_passwords :
  ses_smtp_password.secret if ses_smtp_password.region == "eu-central-1"][0]
}

References

• Relates to Generated SES SMTP password does not work #10903
• Relates to aws_iam_access_key: parameter ses_smtp_password only valid in Ireland region ?  #11930
• Closed by Add SigV4 for SES SMTP passwords #11144

[n3ph]

As suggested in #11144 (review) the solution was simplified to use the current provider region as a parameter for the SigV4 algorithm.
Code base is heavily simplified and users aren't going to be confused by the multiple region capability of that resource.

Potential Terraform Configuration

resource "aws_iam_user" "test" {
  name = "test"
  path = "/test/"
}

resource "aws_iam_access_key" "test" {
  user = aws_iam_user.test.name
}

output "aws_iam_smtp_password_v4" {
  value = aws_iam_access_key.test.ses_smtp_password_v4
}

[bflad]

Support for generating SES SMTP v4 passwords into a new ses_smtp_password_v4 attribute has been merged and will release with version 2.50.0 of the Terraform AWS Provider. Thanks to @n3ph for the implementation. 👍

Please note: The password value is region-specific to the provider region of the aws_iam_access_key resource. To work across multiple regions, separate resources are necessary.

[ghost]

This has been released in version 2.50.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!