feat: allow optionality of SSM params (#109)

Author: oycyc

README.md

@@ -202,6 +202,7 @@ For automated tests of the complete example using [bats](https://github.com/bats
 | <a name="input_security_group_description"></a> [security\_group\_description](#input\_security\_group\_description) | The description to assign to the created Security Group.<br/>Warning: Changing the description causes the security group to be replaced. | `string` | `"Managed by Terraform"` | no |
 | <a name="input_security_group_name"></a> [security\_group\_name](#input\_security\_group\_name) | The name to assign to the created security group. Must be unique within the VPC.<br/>If not provided, will be derived from the `null-label.context` passed in.<br/>If `create_before_destroy` is true, will be used as a name prefix. | `list(string)` | `[]` | no |
 | <a name="input_ssm_parameter_name_format"></a> [ssm\_parameter\_name\_format](#input\_ssm\_parameter\_name\_format) | SSM parameter name format | `string` | `"/%s/%s"` | no |
+| <a name="input_ssm_parameters_enabled"></a> [ssm\_parameters\_enabled](#input\_ssm\_parameters\_enabled) | Whether to create SSM parameters for MQ users and passwords | `bool` | `true` | no |
 | <a name="input_ssm_path"></a> [ssm\_path](#input\_ssm\_path) | The first parameter to substitute in `ssm_parameter_name_format` | `string` | `"mq"` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | List of VPC subnet IDs | `list(string)` | n/a | yes |

main.tf

@@ -45,7 +45,7 @@ resource "random_password" "mq_application_password" {
 }
 
 resource "aws_ssm_parameter" "mq_master_username" {
-  count       = local.mq_admin_user_enabled ? 1 : 0
+  count       = local.mq_admin_user_enabled && var.ssm_parameters_enabled ? 1 : 0
   name        = format(var.ssm_parameter_name_format, var.ssm_path, var.mq_admin_user_ssm_parameter_name)
   value       = local.mq_admin_user
   description = "MQ Username for the admin user"
@@ -54,7 +54,7 @@ resource "aws_ssm_parameter" "mq_master_username" {
 }
 
 resource "aws_ssm_parameter" "mq_master_password" {
-  count       = local.mq_admin_user_enabled ? 1 : 0
+  count       = local.mq_admin_user_enabled && var.ssm_parameters_enabled ? 1 : 0
   name        = format(var.ssm_parameter_name_format, var.ssm_path, var.mq_admin_password_ssm_parameter_name)
   value       = local.mq_admin_password
   description = "MQ Password for the admin user"
@@ -64,7 +64,7 @@ resource "aws_ssm_parameter" "mq_master_password" {
 }
 
 resource "aws_ssm_parameter" "mq_application_username" {
-  count       = local.enabled ? 1 : 0
+  count       = local.enabled && var.ssm_parameters_enabled ? 1 : 0
   name        = format(var.ssm_parameter_name_format, var.ssm_path, var.mq_application_user_ssm_parameter_name)
   value       = local.mq_application_user
   description = "AMQ username for the application user"
@@ -73,7 +73,7 @@ resource "aws_ssm_parameter" "mq_application_username" {
 }
 
 resource "aws_ssm_parameter" "mq_application_password" {
-  count       = local.enabled ? 1 : 0
+  count       = local.enabled && var.ssm_parameters_enabled ? 1 : 0
   name        = format(var.ssm_parameter_name_format, var.ssm_path, var.mq_application_password_ssm_parameter_name)
   value       = local.mq_application_password
   description = "AMQ password for the application user"

variables.tf

@@ -106,6 +106,12 @@ variable "subnet_ids" {
   description = "List of VPC subnet IDs"
 }
 
+variable "ssm_parameters_enabled" {
+  type        = bool
+  description = "Whether to create SSM parameters for MQ users and passwords"
+  default     = true
+}
+
 variable "ssm_parameter_name_format" {
   type        = string
   description = "SSM parameter name format"