diff --git a/README.md b/README.md
index 1a7ef13..b62a99f 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,6 @@ Available targets:
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| <a name="input_overwrite_ssm_parameter"></a> [overwrite\_ssm\_parameter](#input\_overwrite\_ssm\_parameter) | Whether to overwrite an existing SSM parameter | `bool` | `true` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_rsa_bits"></a> [rsa\_bits](#input\_rsa\_bits) | When ssh\_key\_algorithm is 'RSA', the size of the generated RSA key in bits | `number` | `4096` | no |
 | <a name="input_ssh_key_algorithm"></a> [ssh\_key\_algorithm](#input\_ssh\_key\_algorithm) | SSH key algorithm to use. Currently-supported values are 'RSA' and 'ECDSA' | `string` | `"RSA"` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
index 58ea1d9..d27efe1 100644
--- a/docs/terraform.md
+++ b/docs/terraform.md
@@ -54,7 +54,6 @@
 | <a name="input_labels_as_tags"></a> [labels\_as\_tags](#input\_labels\_as\_tags) | Set of labels (ID elements) to include as tags in the `tags` output.<br>Default is to include all labels.<br>Tags with empty values will not be included in the `tags` output.<br>Set to `[]` to suppress all generated tags.<br>**Notes:**<br>  The value of the `name` tag, if included, will be the `id`, not the `name`.<br>  Unlike other `null-label` inputs, the initial setting of `labels_as_tags` cannot be<br>  changed in later chained modules. Attempts to change it will be silently ignored. | `set(string)` | <pre>[<br>  "default"<br>]</pre> | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| <a name="input_overwrite_ssm_parameter"></a> [overwrite\_ssm\_parameter](#input\_overwrite\_ssm\_parameter) | Whether to overwrite an existing SSM parameter | `bool` | `true` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_rsa_bits"></a> [rsa\_bits](#input\_rsa\_bits) | When ssh\_key\_algorithm is 'RSA', the size of the generated RSA key in bits | `number` | `4096` | no |
 | <a name="input_ssh_key_algorithm"></a> [ssh\_key\_algorithm](#input\_ssh\_key\_algorithm) | SSH key algorithm to use. Currently-supported values are 'RSA' and 'ECDSA' | `string` | `"RSA"` | no |
diff --git a/main.tf b/main.tf
index a1c6a96..3fcdb86 100644
--- a/main.tf
+++ b/main.tf
@@ -44,9 +44,8 @@ resource "aws_ssm_parameter" "private_rsa_key" {
   name        = local.ssh_private_key_ssm_path
   description = "TLS Private Key"
   type        = "SecureString"
-  key_id      = join("", data.aws_kms_key.kms_key.*.id)
-  value       = join("", tls_private_key.default_rsa.*.private_key_pem)
-  overwrite   = var.overwrite_ssm_parameter
+  key_id      = join("", data.aws_kms_key.kms_key[*].id)
+  value       = join("", tls_private_key.default_rsa[*].private_key_pem)
   depends_on  = [tls_private_key.default_rsa]
   tags        = module.this.tags
 }
@@ -56,8 +55,7 @@ resource "aws_ssm_parameter" "public_rsa_key" {
   name        = local.ssh_public_key_ssm_path
   description = "TLS Public Key (OpenSSH - ${var.ssh_key_algorithm})"
   type        = "String"
-  value       = join("", tls_private_key.default_rsa.*.public_key_openssh)
-  overwrite   = var.overwrite_ssm_parameter
+  value       = join("", tls_private_key.default_rsa[*].public_key_openssh)
   depends_on  = [tls_private_key.default_rsa]
   tags        = module.this.tags
 }
@@ -67,9 +65,8 @@ resource "aws_ssm_parameter" "private_ecdsa_key" {
   name        = local.ssh_private_key_ssm_path
   description = "TLS Private Key (${var.ssh_key_algorithm})"
   type        = "SecureString"
-  key_id      = join("", data.aws_kms_key.kms_key.*.id)
-  value       = join("", tls_private_key.default_ecdsa.*.private_key_pem)
-  overwrite   = var.overwrite_ssm_parameter
+  key_id      = join("", data.aws_kms_key.kms_key[*].id)
+  value       = join("", tls_private_key.default_ecdsa[*].private_key_pem)
   depends_on  = [tls_private_key.default_ecdsa]
   tags        = module.this.tags
 }
@@ -79,8 +76,7 @@ resource "aws_ssm_parameter" "public_ecdsa_key" {
   name        = local.ssh_public_key_ssm_path
   description = "TLS Public Key (${var.ssh_key_algorithm})"
   type        = "String"
-  value       = join("", tls_private_key.default_ecdsa.*.public_key_openssh)
-  overwrite   = var.overwrite_ssm_parameter
+  value       = join("", tls_private_key.default_ecdsa[*].public_key_openssh)
   depends_on  = [tls_private_key.default_ecdsa]
   tags        = module.this.tags
 }
diff --git a/outputs.tf b/outputs.tf
index 5c2497f..44c703b 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -1,5 +1,5 @@
 output "public_key" {
-  value       = local.rsa ? join("", tls_private_key.default_rsa.*.public_key_openssh) : join("", tls_private_key.default_ecdsa.*.public_key_openssh)
+  value       = local.rsa ? join("", tls_private_key.default_rsa[*].public_key_openssh) : join("", tls_private_key.default_ecdsa[*].public_key_openssh)
   description = "Content of the generated public key"
 }
 
diff --git a/variables.tf b/variables.tf
index 3551a6d..c3fc21c 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,9 +1,3 @@
-variable "overwrite_ssm_parameter" {
-  type        = bool
-  default     = true
-  description = "Whether to overwrite an existing SSM parameter"
-}
-
 variable "ssm_path_format" {
   type        = string
   description = "SSM path format"