feat(deploy_user): toggle deploy iam user creation

deploy.tf

@@ -1,12 +1,15 @@
 resource "aws_iam_user" "deploy" {
+  count = var.enable_deploy_user == true ? 1 : 0
   name = "zvirt-${local.main_domain_sanitized}-deploy"
 }
 
 resource "aws_iam_access_key" "deploy" {
-  user = aws_iam_user.deploy.name
+  count = var.enable_deploy_user == true ? 1 : 0
+  user = aws_iam_user.deploy[0].name
 }
 
 data "aws_iam_policy_document" "deploy" {
+  count = var.enable_deploy_user == true ? 1 : 0
   statement {
     effect = "Allow"
     actions = [
@@ -31,9 +34,11 @@ data "aws_iam_policy_document" "deploy" {
 }
 
 resource "aws_iam_user_policy" "deploy" {
-  user = aws_iam_user.deploy.name
+  count = var.enable_deploy_user == true ? 1 : 0
 
-  policy = data.aws_iam_policy_document.deploy.json
+  user = aws_iam_user.deploy[0].name
+
+  policy = data.aws_iam_policy_document.deploy[0].json
 }
 
 module "gitlab" {
@@ -46,8 +51,8 @@ module "gitlab" {
 
   aws_s3_bucket_name             = module.s3_bucket.s3_bucket_id
   aws_cloudfront_distribution_id = aws_cloudfront_distribution.this.id
-  aws_access_key_id              = aws_iam_access_key.deploy.id
-  aws_secret_access_key          = aws_iam_access_key.deploy.secret
+  aws_access_key_id              = aws_iam_access_key.deploy[0].id
+  aws_secret_access_key          = aws_iam_access_key.deploy[0].secret
   aws_default_region             = data.aws_region.current.name
 }
 
@@ -70,3 +75,18 @@ moved {
   from = gitlab_project_variable.site_aws_secret_access_key[0]
   to   = module.gitlab[0].gitlab_project_variable.site_aws_secret_access_key
 }
+
+moved {
+  from = aws_iam_access_key.deploy
+  to   = aws_iam_access_key.deploy[0]
+}
+
+moved {
+  from = aws_iam_access_key.deploy
+  to   = aws_iam_access_key.deploy[0]
+}
+
+moved {
+  from = aws_iam_user.deploy
+  to   = aws_iam_user.deploy[0]
+}

outputs.tf

@@ -7,11 +7,11 @@ output "aws_cloudfront_distribution_id" {
 }
 
 output "aws_access_key_id" {
-  value = aws_iam_access_key.deploy.id
+  value = var.enable_deploy_user ? aws_iam_access_key.deploy[0].id : null
 }
 
 output "aws_secret_access_key" {
-  value     = aws_iam_access_key.deploy.secret
+  value     = var.enable_deploy_user ? aws_iam_access_key.deploy[0].secret : null
   sensitive = true
 }
 

variables.tf

@@ -72,6 +72,12 @@ variable "functions" {
   default = {}
 }
 
+variable "enable_deploy_user" {
+  type        = bool
+  default     = true
+  description = "Toggle s3 deploy user creation"
+}
+
 variable "encrypt_with_kms" {
   type        = bool
   default     = false