CCM-7908 adding mechanism for TFVAR based secret

Author: aidenvaines-cgi

infrastructure/terraform/components/app/ssm_parameter_amplify_password.tf

@@ -3,11 +3,11 @@ resource "aws_ssm_parameter" "amplify_password" {
 
   name  = "/${local.csi}/amplify_password"
   type  = "String"
-  value = random_password.password[0].result
+  value = var.amplify_basic_auth_secret != "unset" ?  var.amplify_basic_auth_secret : random_password.password[0].result
 }
 
 resource "random_password" "password" {
-  count = var.enable_amplify_basic_auth ? 1 : 0
+  count = var.enable_amplify_basic_auth && var.amplify_basic_auth_secret == "unset" ? 1 : 0
 
   length  = 16
   special = true

infrastructure/terraform/components/app/variables.tf

@@ -90,7 +90,14 @@ variable "enable_cognito_built_in_idp" {
 variable "enable_amplify_basic_auth" {
   type        = bool
   description = "Enable a basic set of credentials in the form of a dynamicly generated username and password for the amplify app branches. Not intended for production use"
-  default     = false
+  default     = true
+}
+
+variable "amplify_basic_auth_secret" {
+  type        = string
+  description = "Secret key/password to use for Amplify Basic Auth - This is entended to be read from CI variables and not commited to any codebase"
+  sensitive   = true
+  default     = "unset"
 }
 
 variable "branch_name" {