chore: ensure the parameter store sharing is optional

gambol99 · gambol99 · commit 65489548f7af · 2025-04-22T17:08:00.000+01:00
diff --git a/modules/shared/parameters.tf b/modules/shared/parameters.tf
@@ -8,6 +8,8 @@ locals {
 
 ## Provision the SSM parameter to store the JSON data
 resource "aws_ssm_parameter" "current" {
+  count = var.enable_parameter_store ? 1 : 0
+
   name        = format("%s/%s/%s", var.parameter_store_prefix, var.vpc_id, var.name)
   description = "Used to share resource related tags with other accounts"
   type        = "String"
@@ -18,29 +20,33 @@ resource "aws_ssm_parameter" "current" {
 
 ## Provision the RAM share to distribute the SSM parameter
 resource "aws_ram_resource_share" "ssm_parameter_share" {
+  count = var.enable_parameter_store ? 1 : 0
+
   allow_external_principals = false
   name                      = format("ssm-parameter-share-%s", var.name)
   tags                      = local.tags
 }
 
 ## Associate the Parameter Store value with the RAM resource share
 resource "aws_ram_resource_association" "ssm_parameter_association" {
-  resource_share_arn = aws_ram_resource_share.ssm_parameter_share.arn
-  resource_arn       = aws_ssm_parameter.current.arn
+  count = var.enable_parameter_store ? 1 : 0
+
+  resource_share_arn = aws_ram_resource_share.ssm_parameter_share[0].arn
+  resource_arn       = aws_ssm_parameter.current[0].arn
 }
 
 ## Associate the principals with the RAM share
 resource "aws_ram_principal_association" "ssm_parameter_accounts" {
-  for_each = toset(var.share.accounts)
+  for_each = var.enable_parameter_store ? toset(var.share.accounts) : toset([])
 
   principal          = each.value
-  resource_share_arn = aws_ram_resource_share.this.arn
+  resource_share_arn = aws_ram_resource_share.ssm_parameter_share[0].arn
 }
 
 ## Associate the principals with the RAM share
 resource "aws_ram_principal_association" "ssm_parameter_organizational_units" {
-  for_each = toset(var.share.organizational_units)
+  for_each = var.enable_parameter_store ? toset(var.share.organizational_units) : toset([])
 
   principal          = each.value
-  resource_share_arn = aws_ram_resource_share.this.arn
+  resource_share_arn = aws_ram_resource_share.ssm_parameter_share[0].arn
 }
diff --git a/modules/shared/variables.tf b/modules/shared/variables.tf
@@ -9,6 +9,12 @@ variable "vpc_id" {
   type        = string
 }
 
+variable "enable_parameter_store" {
+  description = "Whether to share information via the SSM parameter store"
+  type        = bool
+  default     = true
+}
+
 variable "share" {
   description = "The principals to share the provisioned subnets with"
   type = object({
