Terraform Provisioner
Links: 113 Terraform Index
Provisioners¶
- Provisioners provide a way for us to carry out tasks like running commands or scripts on remote resources or on the local machine.
- Provisioner block directly goes inside the resource block.
For the provisioner script/commands to work there should be network connectivity between the local machine (running terraform) and the remote instance.
-
Example of remote exec provisioner:
-
Local exec provisioner is used to run tasks in the local machine where we are running terraform and NOT on the resources that are created by terraform.
- This is handy when we want to gather some information and write to a file locally.
- For example storing the public IP address of an EC2 instance that was just provisioned.
By default provisioners are run after the resource is created. This is also known as the create time provisioner.
- We can also run a provisioner before a resource is destroyed. This is known as destroy time provisioner.
- This is done using the
whencommand 
- This is done using the
-
Another default behaviour of provisioner is that if the command fails then terraform apply also errors out.
- This is set using
on_failure = fail(default, need not be specified) but we can make terraform continue execution by settingon_failure = continue - When a
terraform applyfails due toon_failure = failterraform resource is marked as tainted.
- This is set using
-
As a best practice terraform recommends using provisioners as the last resort.
- For example for running scripts in EC2 instances use
user_datainstead of using terraform remote exec provisioner. - Keep post processing tasks to a minimum and build custom images that will have all the required software.
- This can be done using templating tools like Packer in a declarative way.
- For example for running scripts in EC2 instances use
Last updated: 2023-01-11