To create an AWS parameter in a module, just the simplest example I could think of. The access key and secret are exported as shell variables. This is not the best way to do this, but the object of the excercise is to play with modules not authentication.

user@ubuntu:~/projects/terraform$ tree
.
├── main.tf
├── set_parameter
│   ├── main.tf
│   ├── output.tf
│   └── variables.tf
├── terraform.tfstate
├── terraform.tfstate.backup
└── variables.tf

Variables are set in the variables.tf file:-

$ cat variables.tf

variable "test1" {
  description = "test 1 string"
  type        = string
  default     = "variable1"
}
variable "test2" {
  description = "test 2 string"
  type        = string
  default     = "variable2"
}

These are used in main.tf:-

$ cat main.tf
provider "aws" {
  region = "eu-west-1"
  default_tags {
    tags = {
      BuiltBy = "Terraform"
    }
  }
}

module "set_parameter" {
  source     = "./set_parameter"
  para_name  = var.test1
  para_value = var.test2
}

output "Parameter_Name" {
  value = module.set_parameter.parameter_arn
}

In the set_parameter directory we have the files for the module. variables.tf defines the variables expected to be passed in to the module:-

set_parameter$ cat variables.tf
variable "para_name" {
  type = string
  description = "Parameter name"
}

variable "para_value" {
  type = string
  description = "Parameter Value"
}

main.tf does the work:-

set_parameter$ cat main.tf
resource "aws_ssm_parameter" "mypara" {
  name = var.para_name
  type = "String"
  value = var.para_value
}

The values returned to the calling code are defined in output.tf:-

set_parameter$ cat output.tf
# Outputs to export to the code calling this module

output "parameter_arn" {
  value = aws_ssm_parameter.mypara.arn
}

This outputs the arn of the parameter created.

$ terraform apply
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # module.set_parameter.aws_ssm_parameter.mypara will be created
  + resource "aws_ssm_parameter" "mypara" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "Myname"
      + tags_all       = {
          + "BuiltBy" = "Terraform"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
Changes to Outputs:
  + Parameter_Name = (known after apply)
 
 
module.set_parameter.aws_ssm_parameter.mypara: Creating...
module.set_parameter.aws_ssm_parameter.mypara: Creation complete after 0s [id=Myname]
 
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 
Outputs:
 
Parameter_Name = "arn:aws:ssm:eu-west-1:581230658448:parameter/variable1"
 
$

terraform destroy will remove the parameter.