diff --git a/iam-saml/main.tf b/iam-saml/main.tf
index 67cb0c8..1ed4417 100644
--- a/iam-saml/main.tf
+++ b/iam-saml/main.tf
@@ -47,6 +47,8 @@ locals {
 }
 }
 
+# this creates the directory if it doesn't exist
+
 resource "null_resource" "saml_metadata" {
 provisioner "local-exec" {
 command = "test -d ${path.root}/setup || mkdir ${path.root}/setup"
@@ -62,6 +64,10 @@ resource "null_resource" "saml_metadata" {
 ## }
 ## }
 
+# had to move this to an external resource. We need the contents of the metadata file, from a script
+# to be availalbe to the provider *after* it runs. Could not seem to find some other way to read
+# a non-existent file and do it at run-time.
+
 data "external" "saml_metadata" {
 program = ["bash", "${path.module}/bin/external_get-saml-metadata.sh"]
 # output {object}.results.{output_file,status,value}
@@ -70,15 +76,11 @@ data "external" "saml_metadata" {
 "output_file" = local.saml_metadata_file
 # "url_prefix" = ""
 }
- # depends_on = [null_resource.saml_metadata]
 }
 
 resource "aws_iam_saml_provider" "saml" {
- # count = fileexists(local.saml_metadata_file) ? 1 : 0
- name = var.saml_provider_name
- # saml_metadata_document = fileexists(local.saml_metadata_file) ? file(local.saml_metadata_file) : file("${path.module}/empty_metadata.xml")
+ name = var.saml_provider_name
 saml_metadata_document = data.external.saml_metadata.result.value
- # depends_on = [null_resource.saml_metadata]
 
 # when the provider supports tags, enable this section
 # tags = merge(
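Review bot: The value assigned to `saml_metadata_document` in the last hunk is used unchecked — whatever `external_get-saml-metadata.sh` returns in `result.value` becomes the IdP trust anchor for federated sign-in to the account, and with the `fileexists` fallback and both `depends_on` lines removed there is no longer any gate on that path. The comment on the data source documents a `status` field next to `value`, but nothing reads it, so a script that partially fails could still hand Terraform a document that is forwarded to AWS. I would add a `lifecycle { precondition { ... } }` on `aws_iam_saml_provider.saml` whose `condition` requires `data.external.saml_metadata.result.status` to carry the script's success value and `result.value` to be non-empty, with an `error_message` naming the script (preconditions need Terraform 1.2 or later; on older releases a `count` guard like the one removed here is the alternative). Dropping `depends_on` on the data source also means it now runs at plan time, before `null_resource.saml_metadata` has created `${path.root}/setup`, so the script must create or tolerate a missing output directory itself — worth stating in a comment such as `# runs at plan time; the script must not rely on null_resource.saml_metadata having created the output directory`. The `resource "aws_iam_saml_provider" "saml"` block continues past the end of the hunk.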