diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5f62325..dcfc6fe 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -50,6 +50,9 @@ * 1.3.5 -- 20220110 - add output instance_profile_name +* 1.4.0 -- 20220113 + - add flag create to trigger creating or not creating the module resources + ## version 2.x branch: compat-tf-0.13
@@ -72,3 +75,6 @@ tag: 2.0.1 * 2.1.1 -- 20220110 - add output instance_profile_name + +* 2.2.0 -- 20220113 + - add flag create to trigger creating or not creating the module resources
diff --git a/README.md b/README.md
index dbb209a..cbe21b2 100644
--- a/README.md
+++ b/README.md
@@ -144,6 +144,7 @@ No modules. | [assume\_policy\_document](#input\_assume\_policy\_document) | JSON policy document for role to assume (i.e., the SAML assume document) | `string` | `""` | no | | [attached\_policies](#input\_attached\_policies) | List of IAM Policy ARNs to attach to this role | `list(string)` | `[]` | no | | [component\_tags](#input\_component\_tags) | Additional tags for Components (role, policy) | `map(map(string))` |
{
"policy": {},
"role": {}
} | no |
+| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
| [enable\_instance\_profile](#input\_enable\_instance\_profile) | Flag to enable/disable instance profile on role | `bool` | `false` | no |
| [enable\_ldap\_creation](#input\_enable\_ldap\_creation) | Flag to enable/disable LDAP object creation for role group (for SAML only). Also requires LDAP credentials. | `bool` | `false` | no |
| [inline\_policies](#input\_inline\_policies) | List of IAM Policy Document objects to include in this role. Format is {name=name,policy=policy-json} | `list(object({ name = string, policy = string }))` | `[]` | no |
diff --git a/main.tf b/main.tf
index b64db98..adbf98f 100644
--- a/main.tf
+++ b/main.tf
@@ -134,6 +134,7 @@ locals {
}
resource "aws_iam_role" "role" {
+ count = var.create ? 1 : 0
name = local.role_name
description = local.role_description
force_detach_policies = local._defaults["force_detach_policies"]
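Review bot: Adding `count` to `aws_iam_role.role` changes its resource address from `aws_iam_role.role` to `aws_iam_role.role[0]`, so existing deployments that pick up this version will plan to destroy and recreate the role unless the state entry is moved first (`terraform state mv aws_iam_role.role 'aws_iam_role.role[0]'`). Recreating an IAM role is disruptive: the policy attachments and instance profile that reference it are replaced along with it, and anything trusting the role's unique id breaks. The 1.4.0 / 2.2.0 CHANGELOG entries should call this out as a migration step. The resource body continues past the end of the hunk.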
@@ -159,24 +160,28 @@ resource "aws_iam_role" "role" {
}
resource "aws_iam_role_policy_attachment" "role" {
- for_each = toset(var.attached_policies)
- role = aws_iam_role.role.name
+ for_each = var.create ? toset(var.attached_policies) : toset({})
+ role = var.create ? aws_iam_role.role[0].name : ""
policy_arn = each.value
}
resource "aws_iam_instance_profile" "role" {
- count = var.enable_instance_profile ? 1 : 0
- name = aws_iam_role.role.name
- role = aws_iam_role.role.name
- path = var.instance_profile_path
+ count = var.enable_instance_profile && var.create ? 1 : 0
+ # name = aws_iam_role.role.name
+ name = var.create ? aws_iam_role.role[0].name : ""
+ # role = aws_iam_role.role.name
+ role = var.create ? aws_iam_role.role[0].name : ""
+ path = var.instance_profile_path
}
data "template_file" "role" {
- count = local.enable_ldap ? 1 : 0
+ count = local.enable_ldap && var.create ? 1 : 0
template = file("${path.module}/templates/iam-role-ldif.${local.account_environment}.tpl")
vars = {
- role_name = aws_iam_role.role.name
- role_arn = aws_iam_role.role.arn
+ # role_name = aws_iam_role.role.name
+ role_name = var.create ? aws_iam_role.role[0].name : ""
+ # role_arn = aws_iam_role.role.arn
+ role_arn = var.create ? aws_iam_role.role[0].arn : ""
account_id = local.account_id
saml_provider_arn = var.saml_provider_arn
aws_environment = local.account_environment
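Review bot: The `for_each` on `aws_iam_role_policy_attachment.role` falls back to `toset({})`, which hands `toset` an empty object rather than a list; as far as I can tell this fails type conversion precisely on the `var.create = false` path this commit is meant to support, so it should be `for_each = var.create ? toset(var.attached_policies) : toset([])` (or `toset(var.create ? var.attached_policies : [])`). The commented-out `# name = aws_iam_role.role.name`, `# role = ...`, `# role_name = ...` and `# role_arn = ...` lines left beside their replacements in the instance profile and template_file blocks are dead code that git history already keeps; drop them. The `var.create ? aws_iam_role.role[0].name : ""` guard is restated at five references in this hunk; `join("", aws_iam_role.role[*].name)` yields the same empty string when the count is 0 without repeating the condition. The template_file block continues past the end of the hunk.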
@@ -184,12 +189,20 @@ data "template_file" "role" {
}
resource "null_resource" "role_ldif" {
- count = local.enable_ldap ? 1 : 0
+ count = var.create && local.enable_ldap ? 1 : 0
+ triggers = {
+ name = local.role_name
+ }
+
provisioner "local-exec" {
command = "test -d ${path.root}/setup || mkdir ${path.root}/setup"
}
provisioner "local-exec" {
- command = "echo '${data.template_file.role[0].rendered}' > ${path.root}/setup/${aws_iam_role.role.name}.ldif"
+ command = "echo '${data.template_file.role[0].rendered}' > ${path.root}/setup/${local.role_name}.ldif"
+ }
+ provisioner "local-exec" {
+ when = destroy
+ command = format("rm -f %v/setup/%v.ldif", path.root, local.role_name)
}
provisioner "local-exec" {
command = "echo 'Once complete, execute tf-apply again to create LDAP group'"
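Review bot: The destroy-time provisioner added to `null_resource.role_ldif` references `local.role_name`, but a `when = destroy` provisioner may only refer to `self`, `count.index` and `each.key`; Terraform 0.13 warns about this and 0.15 and later reject it. The `triggers` block added in the same hunk already stores the name, so the command should read it back from there: `command = format("rm -f '%v/setup/%v.ldif'", path.root, self.triggers.name)`. The create-time `echo ... > ${path.root}/setup/${local.role_name}.ldif` command on the line above likewise interpolates the path into the shell unquoted; quoting both paths keeps a root path or role name containing spaces from being split by the shell. The resource body continues past the end of the hunk.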
@@ -197,7 +210,7 @@ resource "null_resource" "role_ldif" {
}
resource "ldap_object" "role" {
- count = local.ldap_exists && local.enable_ldap ? 1 : 0
+ count = var.create && local.ldap_exists && local.enable_ldap ? 1 : 0
# count = local.enable_ldap ? 1 : 0
provider = ldap
dn = local.ldap_dn
diff --git a/outputs.tf b/outputs.tf
index 1deda7d..7e4c4b2 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,17 +1,17 @@
output "role_arn" {
description = "Created role ARN"
- value = aws_iam_role.role.arn
+ value = var.create ? aws_iam_role.role[0].arn : ""
}
output "role_name" {
description = "Created role name"
- value = aws_iam_role.role.name
+ value = var.create ? aws_iam_role.role[0].name : ""
}
output "ldap_dn" {
description = "Created LDAP DN for role (empty if ldap is not enabled)"
- value = local.enable_ldap ? local.ldap_dn : ""
+ value = local.enable_ldap && var.create ? local.ldap_dn : ""
}
output "instance_profile_arn" {
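Review bot: The `role_arn` and `role_name` outputs now return `""` when `var.create` is false, but their descriptions still read "Created role ARN" and "Created role name"; the `ldap_dn` output in the same hunk documents its empty case, so match it: `description = "Created role ARN (empty if create is false)"` and likewise for `role_name`. Callers that feed `role_arn` into a policy principal or an assume-role block otherwise get an empty string with no hint in the generated module docs. The splat form `join("", aws_iam_role.role[*].arn)` would also express the empty case without repeating the `var.create` guard in every output, though that is a matter of taste.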
diff --git a/variables.create.tf b/variables.create.tf
new file mode 100644
index 0000000..b881a74
--- /dev/null
+++ b/variables.create.tf
@@ -0,0 +1,6 @@
+variable "create" {
+ description = "Flag to indicate whether to create the resources or not (default: true)"
+ type = bool
+ default = true
+}
+
diff --git a/version.tf b/version.tf
index aa8147b..d36f45e 100644
--- a/version.tf
+++ b/version.tf
@@ -1,4 +1,4 @@
locals {
- _module_version = "1.3.5"
- # _module_version = "2.1.1"
+ _module_version = "1.4.0"
+ # _module_version = "2.2.0"
}