Terraform:Create or delete a member in a resource directory by using Terraform

Prerequisites

• To reduce information security risks, we recommend that you use a RAM user of the management account of the resource directory to complete the operations in this tutorial and grant the AliyunResourceDirectoryFullAccess permission to the RAM user. For more information, see Create a RAM user and Grant permissions to a RAM user.

• You can delete a member only if the member deletion feature is enabled for the resource directory to which the member belongs. For more information, see Enable or disable the member deletion feature.

• You can delete only members that are created in the resource directory. You cannot delete members of the cloud account type that are added to a resource directory after an invitation. For more information about how to delete a member, see Delete a member of the resource account type.

• The runtime environment for Terraform is prepared by using one of the following methods:

  • Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the environment and use Terraform without needing to install it. Suitable for scenarios where you need to use and debug Terraform in a low-cost, efficient, and convenient manner.

  • Use Terraform in Cloud Shell: Cloud Shell is preinstalled with Terraform and configured with your identity credentials. You can run Terraform commands in Cloud Shell. Suitable for scenarios where you need to use and access Terraform in a low-cost, efficient, and convenient manner.

  • Install and configure Terraform on your on-premises machine: Suitable for scenarios where network connections are unstable or a custom development environment is needed.

Resources

• alicloud_resource_manager_account: a member of a resource directory.

• alicloud_resource_manager_account_deletion_check_task: an account check before you delete a member from a resource directory.

Step 1: Create a member

1. Create a working directory. Then, create a configuration file named main.tf in the directory. The following code creates a member and generates the member UID. Copy the code to the main.tf file.

   resource "random_integer" "default" {
     min = 10000
     max = 99999
   }
   resource "alicloud_resource_manager_account" "default" {
     display_name = "RDAccount_auto_${random_integer.default.result}"
   }
   
   output "created_account_id" {
     value = alicloud_resource_manager_account.default.id
   }

2. Run the following command to initialize the Terraform runtime environment:

   terraform init

   If the following information is returned, Terraform is initialized.

   Terraform has been successfully initialized!
   
   You may now begin working with Terraform. Try running "terraform plan" to see
   any changes that are required for your infrastructure. All Terraform commands
   should now work.
   
   If you ever set or change modules or backend configuration for Terraform,
   rerun this command to reinitialize your working directory. If you forget, other
   commands will detect it and remind you to do so if necessary.

3. Run the following command to run the code.

   terraform apply

   During code execution, enter yes as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the code is executed. Record the member UID for subsequent deletion of the member.

   You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.
   Outputs:
   
   created_account_id = 10638349********

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the resource that is created by using Terraform:

   terraform show

   

   Log on to the console

   Log on to the Resource Management console. Choose Resource Directory > Management and view the member that you created in Resource Organization View or Member List View.

   

Step 2: Delete a member

1. Modify the main.tf file, add the account check that is performed you delete a member, and change the value of account_id to the member UID. Refer to the following sample code:

   resource "random_integer" "default" {
     min = 10000
     max = 99999
   }
   
   # The member.
   resource "alicloud_resource_manager_account" "example" {
     display_name          = "RDAccount_auto_${random_integer.default.result}"
     abandon_able_check_id = data.alicloud_resource_manager_account_deletion_check_task.task.abandon_able_checks.*.check_id
   }
   
   # The precheck before the member is deleted.
   data "alicloud_resource_manager_account_deletion_check_task" "task" {
     account_id = "10638349********"
   }

2. Run the following command to start the account check before you delete a member from the resource directory:

   terraform apply

   During code execution, enter yes as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the code is executed.

   You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   Apply complete!  Resources: 0 added, 1 changed, 0 destroyed.

3. Run the following command to delete the member:

   terraform destroy

   During code execution, enter yes as prompted and press the Enter key. Wait until the command is run. If the following information is returned, the code is executed.

   random_integer.default: Refreshing state... [id=*****]
   data.alicloud_resource_manager_account_deletion_check_task.task: Refreshing state...
   alicloud_resource_manager_account.example: Refreshing state... [id=10638349********]
   
   Plan: 0 to add, 0 to change, 2 to destroy.
   
   Do you really want to destroy all resources?
     Terraform will destroy all your managed infrastructure, as shown above.
     There is no undo. Only 'yes' will be accepted to confirm.
   
     Enter a value: yes
   
   Destroy complete!  Resources: 2 destroyed.

4. Verify the result.

   Log on to the Resource Management console. In the top navigation pane, choose Resource Directory > Management. Click Resource Organization View or Member List View in the upper right corner. The member is displayed in the Deleting state.

   

   Click View Deletion Progress in the Actions column of the member. The message shows that the member is in the deletion silence period. For more information about the silence period, see What is the silence period for member deletion? After the silence period ends, the system automatically starts to delete the member.