Jason Williscroft edited this page Aug 14, 2024 · 1 revision

Does Metastructure replace Terraform?

Absolutely not!

Metastructure is a template-driven code generator. You can use it to generate all sorts of code, but its primary target is Terraform.

Any significant infrastructure involves a lot of repetition. Many accounts will share a common set of resources, and all can be configured according to a small set of patterns.

Metastructure's job is to capture these patterns into templates. Done right, these templates are generic enough that you never really need to touch the template again unless you need to change the PATTERN.

The Metastructure Template Repo bootstrap/accounts template is a great example. It allows you to add new accounts to your Organization, configure their participation in SSO and Organizational Units, and remove them from your Organization... all from your project config file, and all without touching the template or a single line of Terraform code!

So Metastructure doesn't divorce you from Terraform... but it DOES encourage you to write way less Terraform code, and to structure the code you DO write as generically as possible.

Why bother with config actions? Why not just remove a resource from the template and let Terraform handle resource destruction?

This question applies to the following entities specified in your project config:

  • accounts
  • organizational units
  • sso users

Each of these is templated such that Metastructure updates write the relevant resource ids back to your config or override file. Each also permits an optional action property, which can be set either to destroy or remove.

If you remove one of these resources from your config or from template support, the effect is just like removing any other resource from your Terraform code: since the resource is represented in your Terraform state, its absence from your code tells Terraform you want to destroy it. If you want to REMOVE the resource (drop it from your state without destroying it), you have to do it explicitly, either at the command line or with a removed block.

This gets a little complicated when the resource in question is an AWS account. In this case, while removing the resource still tells Terraform to destroy the resource, the related PROVIDER still needs to exist long enough to provide account access so Terraform can destroy the related resources contained in the account.

This can get complicated VERY quickly! Metastructure dramatically simplifies the process of account destruction:

  1. Add action: destroy to the relevant account object in your config and run Metastructure. Metastructure will retain the account's provider but destroy all relevant resources.

  2. Remove the account object from your config and run Metastructure again to clean up (really just the generation & output steps are necessary).

You can run the same sequence with action: remove to remove resources from your state without destroying them.
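
The first step of that sequence, sketched in hand-written Terraform as an added example (this is not Metastructure's generated output, and the account id, role name, region and resource addresses are constructed placeholders). It shows the file as it stands during step 1 of the action: remove variant, with the provider retained:

```hcl
# Before step 1 this file also held two resource blocks (constructed names):
#   aws_organizations_account.dev  - the member account, managed through the
#                                    default (management account) provider
#   aws_s3_bucket.dev_logs         - a bucket inside that account, managed
#                                    through the aws.dev provider alias below
#
# Deleting those blocks AND the provider block in one change fails at plan
# time: aws_s3_bucket.dev_logs is still recorded in state against aws.dev,
# and Terraform reports that the provider configuration is not present.

# Retained through step 1 so Terraform can still reach into the account.
provider "aws" {
  alias  = "dev"
  region = "us-east-1"
  assume_role {
    # 111111111111 stands in for the account id written back to your config.
    role_arn = "arn:aws:iam::111111111111:role/OrganizationAccountAccessRole"
  }
}

# action: remove equivalent. removed blocks (Terraform 1.7+) replace the
# resource blocks and drop the objects from state without destroying them.
removed {
  from = aws_s3_bucket.dev_logs
  lifecycle {
    destroy = false
  }
}

removed {
  from = aws_organizations_account.dev
  lifecycle {
    destroy = false
  }
}

# action: destroy equivalent: omit the removed blocks entirely. With the
# resource blocks gone and the provider still present, apply destroys both.
#
# Step 2: after a successful apply, delete the provider block (and any
# removed blocks) and apply again to clean up.
```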

Aside from simplifying operations, the goal here is to maintain the Metastructure Template Repo as a reference implementation. You can and should EXTEND its templates. You should never have to MODIFY them. If you think you do, please start a discussion and let's improve our templates!

Incidentally, you should recognize this as an expression of the Open-Closed Principle, which is the "O" in SOLID.

This is just one of Metastructure's key Design Principles.

See Config Actions for more information.