Describe the solution you'd like
The solution can follow what is done in https://github.com/hashicorp/terraform-aws-consul.
An input variable enable_instance_iam_setup makes the instance IAM setup optional.
In this module there are there are multiple policies (S3, dynamo and auto-unseal) that use the instance role so the documentation should make it clear that disabling the instance role should only be done if those three features are also disabled.
Describe the solution you'd like The solution can follow what is done in https://github.com/hashicorp/terraform-aws-consul. An input variable enable_instance_iam_setup makes the instance IAM setup optional. In this module there are there are multiple policies (S3, dynamo and auto-unseal) that use the instance role so the documentation should make it clear that disabling the instance role should only be done if those three features are also disabled.
Describe alternatives you've considered
Additional context