diff --git a/CHANGELOG.md b/CHANGELOG.md
index 85e5bb3..92c5560 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -75,5 +75,6 @@
* v1.9.0 -- 20210405
- ldap-get-attribute
- add new submodule to retrieve an attribute value from a search
+ - move it out to its own module
diff --git a/ldap-get-attribute/README.md b/ldap-get-attribute/README.md
deleted file mode 100644
index 55c1c6e..0000000
--- a/ldap-get-attribute/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# aws-inf-setup :: ldap-get-attribute
-
-This allows for a simple LDAP search filter against, by default eDirectory ldap.tco.census.gov.
-It returns an object with count, status, the attribute, the dn(s) and the attribute value(s).
-DN and values are returned in a list. This is intended to search for only a single attribute,
-which may be multi-value. It also returns the DN and CN.
-
-For a query that returns multiple entries, where those entries do all not possess the same
-attribute, the DN to attribute value will not match. That is, it returns only a list of
-the attributes for the objects which have them in no particular order.
-
-# Usage
-Here is a simple example to get the email address of user `badra001`.
-
-```hcl
-module "user_badra001" {
- source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ldap-get-attribute"
-
- filter = "cn=badra001"
- attribute = "mail"
- # optional
- # ldap_uri = "ldaps://ldap.tco.census.gov"
- # ldap_base_dn = "o=U.S. Census Bureau,c=US"
-
- # TBD
- # ldap_user =
- # ldap_pass =
-}
-```
-
-# Sample Output
-```hcl
-search_results = {
- "attribute" = "mail"
- "attribute_value" = [
- "donald.e.badrak.ii@census.gov",
- ]
- "count" = "1"
- "dn" = [
- "cn=badra001,ou=People,o=U.S. Census Bureau,c=US",
- ]
- "cn" = [
- "badra001"
- ]
- "status" = "0"
-}
-```
-
-## Requirements
-
-No requirements.
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [external](#provider\_external) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [external_external.search](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [attribute](#input\_attribute) | LDAP attribute to return | `string` | `"dn"` | no |
-| [filter](#input\_filter) | LDAP search filter | `string` | n/a | yes |
-| [ldap\_base\_dn](#input\_ldap\_base\_dn) | LDAP base DN for search | `string` | `"o=U.S. Census Bureau,c=US"` | no |
-| [ldap\_uri](#input\_ldap\_uri) | LDAP URI {scheme}://{hostname}:{port} | `string` | `"ldaps://ldap.tco.census.gov"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [search\_result](#output\_search\_result) | Object from ldap search result showing count, status, cn, dn, attribute and attribute\_value |
diff --git a/ldap-get-attribute/bin/external_ldapsearch.sh b/ldap-get-attribute/bin/external_ldapsearch.sh
deleted file mode 100755
index e8dbc15..0000000
--- a/ldap-get-attribute/bin/external_ldapsearch.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash
-
-cleanup()
-{
- local rstatus=$?
- if [ ! -z $LDIF]
- then
- test -e $LDIF && rm $LDIF
- fi
- exit $rstatus
-}
-
-trap cleanup EXIT
-
-#set -e
-eval "$(jq -r '@sh "LDAP_BASE_DN=\(.ldap_base_dn) FILTER=\(.filter) ATTRIBUTE=\(.attribute) LDAP_URL=\(.ldap_url)"')"
-
-if [[ -z $LDAP_BASE_DN ]] || [[ "$LDAP_BASE_DN" == "null" ]]
-then
- LDAP_BASE_DN="o=U.S. Census Bureau,c=US"
-fi
-
-if [[ -z $LDAP_URL ]] || [[ "$LDAP_URL" == "null" ]]
-then
- LDAP_URL="ldaps://ldap.tco.census.gov"
-fi
-
-if [[ -z "$FILTER" ]] || [[ "$FILTER" == "null" ]]
-then
- FILTER=""
-fi
-
-if [[ -z "$ATTRIBUTE" ]] || [[ "$ATTRIBUTE" == "null" ]]
-then
- ATTRIBUTE="dn"
-fi
-
-if [ -z "$FILTER" ]
-then
- echo "* no filter provided"
- exit 1
-fi
-
-LDIF=$(mktemp)
-ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" -b "$LDAP_BASE_DN" "$FILTER" "cn $ATTRIBUTE" > $LDIF
-status=$?
-
-DN=$(grep "^dn:" $LDIF | sed -e 's/^dn: //')
-CN=$(grep "^cn:" $LDIF | sed -e 's/^cn: //')
-VALUE=$(grep -i "^$ATTRIBUTE:" $LDIF | sed -e "s/^$ATTRIBUTE: //")
-COUNT=$(grep -c "^dn:" $LDIF)
-
-jq -n --arg dn "$DN" --arg cn "$CN" --arg attribute "$ATTRIBUTE" --arg value "$VALUE" --arg status "$status" --arg count "$COUNT" \
- '{"dn":$dn,"attribute":$attribute,"attribute_value":$value,"status":$status,"count":$count}'
diff --git a/ldap-get-attribute/main.tf b/ldap-get-attribute/main.tf
deleted file mode 100644
index 9a3b8fc..0000000
--- a/ldap-get-attribute/main.tf
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
-* # aws-inf-setup :: ldap-get-attribute
-*
-* This allows for a simple LDAP search filter against, by default eDirectory ldap.tco.census.gov.
-* It returns an object with count, status, the attribute, the dn(s) and the attribute value(s).
-* DN and values are returned in a list. This is intended to search for only a single attribute,
-* which may be multi-value. It also returns the DN and CN.
-*
-* For a query that returns multiple entries, where those entries do all not possess the same
-* attribute, the DN to attribute value will not match. That is, it returns only a list of
-* the attributes for the objects which have them in no particular order.
-*
-* # Usage
-* Here is a simple example to get the email address of user `badra001`.
-*
-* ```hcl
-* module "user_badra001" {
-* source = "git@github.e.it.census.gov:terraform-modules/aws-inf-setup.git//ldap-get-attribute"
-*
-* filter = "cn=badra001"
-* attribute = "mail"
-* # optional
-* # ldap_uri = "ldaps://ldap.tco.census.gov"
-* # ldap_base_dn = "o=U.S. Census Bureau,c=US"
-*
-* # TBD
-* # ldap_user =
-* # ldap_pass =
-* }
-* ```
-*
-* # Sample Output
-* ```hcl
-* search_results = {
-* "attribute" = "mail"
-* "attribute_value" = [
-* "donald.e.badrak.ii@census.gov",
-* ]
-* "count" = "1"
-* "dn" = [
-* "cn=badra001,ou=People,o=U.S. Census Bureau,c=US",
-* ]
-* "cn" = [
-* "badra001"
-* ]
-* "status" = "0"
-* }
-* ```
-*/
-
-locals {
- base_tags = {
- "boc:tf_module_version" = local._module_version
- "boc:created_by" = "terraform"
- }
-}
-
-data "external" "search" {
- program = ["bash", "${path.module}/bin/external_ldapsearch.sh"]
- # output {object}.result.{status,count,dn,attribute,attribute_value}
- query = {
- "ldap_uri" = var.ldap_uri
- "ldap_base_dn" = var.ldap_base_dn
- "filter" = var.filter
- "attribute" = var.attribute
- }
-}
diff --git a/ldap-get-attribute/outputs.tf b/ldap-get-attribute/outputs.tf
deleted file mode 100644
index efaed0b..0000000
--- a/ldap-get-attribute/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "search_result" {
- description = "Object from ldap search result showing count, status, cn, dn, attribute and attribute_value"
- value = {
- "count" = data.external.ldap_user.result.count
- "status" = data.external.ldap_user.result.status
- "attribute" = data.external.ldap_user.result.attribute
- "cn" = split("\n", data.external.ldap_user.result.cn)
- "dn" = split("\n", data.external.ldap_user.result.dn)
- "attribute_value" = split("\n", data.external.ldap_user.result.attribute_value)
- }
-}
diff --git a/ldap-get-attribute/variables.tf b/ldap-get-attribute/variables.tf
deleted file mode 100644
index ec67586..0000000
--- a/ldap-get-attribute/variables.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-variable "filter" {
- description = "LDAP search filter"
- type = string
-}
-
-variable "attribute" {
- description = "LDAP attribute to return"
- type = string
- default = "dn"
-}
-
-variable "ldap_uri" {
- description = "LDAP URI {scheme}://{hostname}:{port}"
- type = string
- default = "ldaps://ldap.tco.census.gov"
-}
-
-variable "ldap_base_dn" {
- description = "LDAP base DN for search"
- type = string
- default = "o=U.S. Census Bureau,c=US"
-}
-
-# variable "ldap_user" {
-# description = "LDAP bind username"
-# type = string
-# default = ""
-# }
-#
-# variable "ldap_password" {
-# description = "LDAP bind password"
-# type = string
-# default = ""
-# }
diff --git a/ldap-get-attribute/version.tf b/ldap-get-attribute/version.tf
deleted file mode 120000
index b83c5b7..0000000
--- a/ldap-get-attribute/version.tf
+++ /dev/null
@@ -1 +0,0 @@
-../common/version.tf
\ No newline at end of file