Terraformcloud~5 mins

Remote-exec provisioner in Terraform - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes after creating a server, you want to run commands on it to set it up. The remote-exec provisioner in Terraform lets you do this by connecting to the server and running commands automatically.

When you want to install software on a new virtual machine right after it is created.

When you need to configure settings on a server that Terraform created without logging in manually.

When you want to run a script on a remote server to prepare it for your application.

When you want to automate server setup steps like updating packages or starting services.

When you want to run commands on a server in a cloud environment right after deployment.

Config File - main.tf

main.tf

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y nginx"
    ]

    connection {
      type        = "ssh"
      user        = "ubuntu"
      private_key = file("~/.ssh/id_rsa")
      host        = self.public_ip
    }
  }
}

This Terraform file creates an AWS EC2 instance using a specific Ubuntu AMI.

The remote-exec provisioner runs commands on the instance after it is created.

The inline block lists commands to update the package list and install nginx.

The connection block tells Terraform how to connect to the instance using SSH with a private key and the instance's public IP.

Commands

This command sets up Terraform in the current folder by downloading the AWS provider plugin. It prepares Terraform to work with AWS resources.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure.

This command creates the AWS EC2 instance and runs the remote-exec provisioner commands automatically without asking for confirmation.

Terminal

terraform apply -auto-approve

Expected OutputExpected

aws_instance.example: Creating... aws_instance.example: Still creating... [10s elapsed] aws_instance.example: Creation complete after 20s [id=i-0abcd1234efgh5678] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

→

-auto-approve - Skip manual approval to apply changes immediately

This command shows the current state of the infrastructure Terraform manages, including the instance details and provisioner status.

Terminal

terraform show

Expected OutputExpected

aws_instance.example: id = i-0abcd1234efgh5678 ami = ami-0c55b159cbfafe1f0 instance_type = t2.micro public_ip = 54.210.123.45 provisioner "remote-exec" executed successfully

Key Concept

If you remember nothing else from this pattern, remember: remote-exec runs commands on a new server by connecting over SSH right after Terraform creates it.

Common Mistakes

Not setting up the SSH connection block correctly with the right user, private key, or host.

Terraform cannot connect to the server to run commands, so the provisioner fails.

Always specify the correct SSH user, provide the private key file path, and use the server's public IP or hostname.

Running remote-exec on an instance that is not yet ready to accept SSH connections.

Commands fail because the server is still booting or SSH service is not ready.

Use Terraform resource dependencies or wait for the instance to be fully ready before running remote-exec.

Using remote-exec for complex or long-running setup tasks.

Provisioners are not reliable for complex setups and can cause Terraform runs to fail or hang.

Use configuration management tools or baked AMIs for complex setups; use remote-exec only for simple commands.

Summary

Use terraform init to prepare Terraform with the AWS provider.

Use terraform apply to create the instance and run remote commands automatically.

Check the infrastructure state with terraform show to confirm the instance and provisioner ran.