
Task 8 - Understanding Removal of Resources with Terraform

In a declarative configuration model, you do not mark objects in the data model for “deletion” or “removal”. Instead, the absence of an object from the data model is what indicates that it should be removed from the configuration.

Terraform not only creates and updates resources—it also handles safe and predictable removal of any resources that are no longer defined in the configuration. This behavior is a core part of Infrastructure as Code, ensuring that the deployed environment always reflects the desired state.

Terraform tracks every managed resource in the state file. During a terraform plan, it compares:

  • What is currently deployed (from the state),
  • What should exist (from your configuration files).

If a resource exists in the state file but no longer appears in your configuration, Terraform marks it for deletion.

Let’s look at one example. You do not need to follow along; this is for educational purposes only:

In our configuration, let’s say we have defined snmp:

...
snmp:
  access: users
  users:
    - username: snmpuser
      passphrase: !env secret_password

If we decide that we no longer want it configured, we simply remove the above configuration from the YAML file, or comment out the lines that we intend to remove.

When terraform plan is re-run, it identifies that the resource will be destroyed:

  # module.meraki.meraki_network_snmp.networks_snmp["EU/Meraki Learning Lab/Amsterdam-Network-1"] will be destroyed
  # (because key ["EU/Meraki Learning Lab/Amsterdam-Network-1"] is not in for_each map)
  - resource "meraki_network_snmp" "networks_snmp" {
      - access     = "users" -> null
      - id         = "L_3859584880656524698" -> null
      - network_id = "L_3859584880656524698" -> null
      - users      = [
          - {
              - passphrase = "C1sco12345!!66" -> null
              - username   = "snmpuser" -> null
            },
        ] -> null
    }

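Always review the plan carefully before applying to understand the impact, especially when deletions are involved. Note also that the plan output above prints the SNMP passphrase in clear text, so handle saved plan output and logs as sensitive data.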
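One way to make that review mechanical before a teardown, as an added example that is not part of the lab's own code: the script reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan > plan.json`) and lists every resource the plan would destroy or replace, failing when there are more than expected. The sample plan, the `example_resource` entries and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json` output, trimmed to the
# fields used here. `example_resource` is a hypothetical resource type.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'module.meraki.meraki_network_snmp.networks_snmp["EU/Meraki Learning Lab/Amsterdam-Network-1"]',
     "change": {"actions": ["delete"]}},
    {"address": "example_resource.replaced", "change": {"actions": ["delete", "create"]}},
    {"address": "example_resource.updated", "change": {"actions": ["update"]}},
    {"address": "example_resource.untouched", "change": {"actions": ["no-op"]}},
]})


def destructive_changes(plan_json):
    """Return {'destroy': [...], 'replace': [...]} resource addresses from a JSON plan."""
    plan = json.loads(plan_json)
    result = {"destroy": [], "replace": []}
    # A plan with no changes may omit resource_changes entirely.
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue
        # ["delete"] is a pure removal; delete combined with create is a replacement.
        kind = "replace" if "create" in actions else "destroy"
        result[kind].append(rc["address"])
    return result


def review_gate(plan_json, max_destroy=0):
    """Return (ok, report); ok is False when more resources are removed than expected."""
    changes = destructive_changes(plan_json)
    report = [f"-   {addr} (destroy)" for addr in changes["destroy"]]
    report += [f"-/+ {addr} (replace)" for addr in changes["replace"]]
    return len(report) <= max_destroy, report


if __name__ == "__main__":
    # Usage: python plan_gate.py plan.json [max_destroy]; falls back to the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    ok, report = review_gate(data, max_destroy=limit)
    print("\n".join(report) or "no resources removed")
    sys.exit(0 if ok else 1)
```

Because the JSON plan carries the same attribute values as the text plan, keep `plan.json` out of shared logs and delete it after the check.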

In this task, let us remove all the configurations that were deployed throughout this lab by removing the YAML data model files.

  1. Navigate to the data/ folder in your Code Server and delete all the .nac.yaml files that you have been adding throughout the lab.

    cd /home/dcloud/network-as-code/meraki-as-code/
    rm data/*.nac.yaml

    With the data/ folder now empty, Terraform has no configuration to manage. Every resource that was previously deployed — the organization, networks, wireless SSIDs, switch policies, appliance VLANs, and any playground configurations — exists in the state file but no longer appears in the configuration.

  2. Run terraform plan to see what Terraform intends to do:

    terraform plan

    You should see every previously created resource marked with - (destroy). The plan summary will show something similar to:

    Plan: 0 to add, 0 to change, X to destroy.

  3. Once you have reviewed the plan and confirmed you are ready to remove everything, apply the changes:

    terraform apply

    Review the plan summary and enter yes to confirm.

    Do you want to perform these actions?
    Terraform will perform the actions described above.
    Only 'yes' will be accepted to approve.
    Enter a value: yes

  4. Wait for the destruction to complete. Terraform will remove each resource and display its progress. Once done, you should see:

    Destroy complete! Resources: X destroyed.

  5. Navigate to your Meraki Dashboard and verify that all the previously deployed configurations have been removed. You will no longer see the organization and its networks that you created.

This demonstrates the full lifecycle of Infrastructure as Code: create → update → destroy — all driven by the contents of your data model files. The same declarative approach that deploys your configuration also cleans it up when the configuration is removed.