Call centre migration connector secret (#8921)

* create secret to store creds for transfer connector

* small tweaks, formatting

terraform/environments/long-term-storage/call-centre-migration.tf

@@ -1,3 +1,9 @@
+resource "aws_cloudwatch_log_group" "call_centre" {
+  name_prefix       = "call-centre-migration"
+  retention_in_days = 365
+  tags              = local.tags
+}
+
 resource "aws_kms_key" "call_centre" {
   enable_key_rotation     = true
   rotation_period_in_days = 90
@@ -29,6 +35,14 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "call_centre" {
   }
 }
 
+resource "aws_secretsmanager_secret" "call_centre" {
+  description                    = "Secret containing key-value pairs for AWS Transfer connector."
+  force_overwrite_replica_secret = true
+  name                           = "aws/transfer/${aws_transfer_server.call_centre.id}/call-centre"
+  recovery_window_in_days        = 0
+  tags                           = local.tags
+}
+
 resource "aws_transfer_server" "call_centre" {
   logging_role                = aws_iam_role.call_centre_transfer_logging.arn
   structured_log_destinations = ["${aws_cloudwatch_log_group.call_centre.arn}:*"]
@@ -38,12 +52,6 @@ resource "aws_transfer_server" "call_centre" {
   )
 }
 
-resource "aws_cloudwatch_log_group" "call_centre" {
-  name_prefix       = "call-centre-migration"
-  retention_in_days = 365
-  tags              = local.tags
-}
-
 resource "aws_iam_role" "call_centre_transfer_logging" {
   name_prefix        = "call-centre-migration-logging"
   assume_role_policy = data.aws_iam_policy_document.aws_transfer_assume_role_policy.json