Merge branch 'main' into feature/CCM-7001_branch-auto-disconnection

Author: Ian-Hodges

infrastructure/terraform/components/app/ssm_parameter_amplify_password.tf

@@ -1,13 +1,15 @@
 resource "aws_ssm_parameter" "amplify_password" {
   count = var.enable_amplify_basic_auth ? 1 : 0
 
-  name  = "/${local.csi}/amplify_password"
+  name        = "/${local.csi}/amplify_password"
+  description = "The Basic Auth password used for the amplify app. This parameter is sourced from Github Environment variables"
+
   type  = "String"
-  value = random_password.password[0].result
+  value = var.AMPLIFY_BASIC_AUTH_SECRET != "unset" ?  var.AMPLIFY_BASIC_AUTH_SECRET : random_password.password[0].result
 }
 
 resource "random_password" "password" {
-  count = var.enable_amplify_basic_auth ? 1 : 0
+  count = var.enable_amplify_basic_auth && var.AMPLIFY_BASIC_AUTH_SECRET == "unset" ? 1 : 0
 
   length  = 16
   special = true

infrastructure/terraform/components/app/variables.tf

@@ -90,7 +90,15 @@ variable "enable_cognito_built_in_idp" {
 variable "enable_amplify_basic_auth" {
   type        = bool
   description = "Enable a basic set of credentials in the form of a dynamicly generated username and password for the amplify app branches. Not intended for production use"
-  default     = false
+  default     = true
+}
+
+# Github Environments only handles uppercase envvars
+variable "AMPLIFY_BASIC_AUTH_SECRET" {
+  # Github only does uppercase env vars
+  type        = string
+  description = "Secret key/password to use for Amplify Basic Auth - This is entended to be read from CI variables and not commited to any codebase"
+  default     = "unset"
 }
 
 variable "branch_name" {