0
0
Terraformcloud~10 mins

Why provisioners are a last resort in Terraform - Visual Breakdown

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Why provisioners are a last resort
Start Terraform Apply
Create Resource
Check if Provisioner Needed?
NoFinish
Yes
Run Provisioner Script
Provisioner Success?
NoError: Fail Apply
Yes
Finish
Terraform creates resources first, then runs provisioners only if needed. If provisioners fail, the apply fails, so they are used only as a last step.
Execution Sample
Terraform
resource "aws_instance" "example" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  provisioner "local-exec" {
    command = "echo Hello"
  }
}
This Terraform code creates an AWS instance and runs a local command after creation.
Process Table
StepActionResource StateProvisioner RunResult
1Start applyNo resourcesNoBegin deployment
2Create aws_instance.exampleInstance createdNoResource ready
3Check provisionerInstance createdYesRun local-exec
4Run provisioner commandInstance createdYesCommand executed successfully
5Provisioner success?Instance createdYesApply completes successfully
💡 Provisioners run only after resource creation; failure causes apply to fail, so use sparingly.
Status Tracker
VariableStartAfter Step 2After Step 4Final
Resource StateNoneCreatedCreatedCreated
Provisioner StatusNot runNot runSuccessSuccess
Key Moments - 3 Insights
Why does Terraform run provisioners only after resource creation?
Because provisioners depend on the resource existing; as shown in execution_table step 3, provisioners run after creation to configure the resource.
What happens if a provisioner fails during apply?
Terraform stops and marks apply as failed, as seen in the flow where failure leads to error and no finish, so provisioners can cause deployment to fail.
Why should provisioners be a last resort?
Because they add risk of failure and reduce Terraform's ability to manage resources declaratively, shown by the dependency on provisioner success to complete apply.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, at which step does Terraform run the provisioner?
AStep 2
BStep 3
CStep 1
DStep 5
💡 Hint
Check the 'Provisioner Run' column in execution_table rows.
According to variable_tracker, what is the Provisioner Status after step 4?
ASuccess
BNot run
CFailed
DUnknown
💡 Hint
Look at the 'Provisioner Status' row and the 'After Step 4' column.
If the provisioner command fails, what happens to the apply process?
AApply continues without error
BApply retries automatically
CApply fails and stops
DProvisioner is skipped
💡 Hint
Refer to concept_flow where failure leads to 'Error: Fail Apply'.
Concept Snapshot
Terraform creates resources first.
Provisioners run only after resource creation.
If provisioners fail, apply fails.
Use provisioners only as a last resort.
They add risk and reduce declarative control.
Full Transcript
Terraform first creates the resource. After creation, it checks if any provisioners need to run. If yes, it runs the provisioner scripts. If the provisioner succeeds, the apply finishes successfully. If the provisioner fails, Terraform stops and marks the apply as failed. Because provisioners can cause failures and reduce Terraform's declarative management, they should be used only as a last resort.