Terraformcloud~5 mins

Why provisioners run scripts on resources in Terraform - Why It Works

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

Sometimes after creating a resource like a server, you need to run extra setup steps on it. Provisioners let you run scripts or commands on those resources automatically to finish configuration.

When you want to install software on a new virtual machine right after it is created

When you need to copy configuration files to a server after provisioning

When you want to run a script to initialize a database on a cloud instance

When you must set up user accounts or permissions on a resource after creation

When you want to automate manual setup steps that happen after resource creation

Config File - main.tf

main.tf

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y nginx"
    ]

    connection {
      type        = "ssh"
      user        = "ubuntu"
      private_key = file("~/.ssh/id_rsa")
      host        = self.public_ip
    }
  }
}

This Terraform file creates an AWS EC2 instance using a specific AMI and instance type.

The provisioner "remote-exec" block runs commands on the instance after it is created. Here it updates the package list and installs nginx.

The connection block tells Terraform how to connect to the instance via SSH to run the commands.

Commands

This command initializes the Terraform working directory and downloads necessary provider plugins.

Terminal

terraform init

Expected OutputExpected

Initializing the backend... Initializing provider plugins... - Finding latest version of hashicorp/aws... - Installing hashicorp/aws v4.0.0... - Installed hashicorp/aws v4.0.0 (signed by HashiCorp) Terraform has been successfully initialized!

This command creates the AWS instance and runs the provisioner scripts automatically without asking for confirmation.

Terminal

terraform apply -auto-approve

Expected OutputExpected

aws_instance.example: Creating... aws_instance.example: Still creating... [10s elapsed] aws_instance.example: Creation complete after 20s [id=i-0abcd1234efgh5678] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Running provisioner: remote-exec on aws_instance.example

→

-auto-approve - Skip interactive approval prompt

This command shows the current state of the infrastructure including the created instance.

Terminal

terraform show

Expected OutputExpected

# aws_instance.example: resource "aws_instance" "example" { ami = "ami-0c55b159cbfafe1f0" arn = "arn:aws:ec2:us-east-1:123456789012:instance/i-0abcd1234efgh5678" associate_public_ip_address = true availability_zone = "us-east-1a" instance_type = "t2.micro" key_name = "my-key" private_ip = "10.0.0.123" public_ip = "54.123.45.67" subnet_id = "subnet-0abc1234def56789" tags = { "Name" = "example" } }

Key Concept

Provisioners let Terraform run setup scripts on resources right after creating them to automate configuration steps.

Common Mistakes

Not specifying the connection details for remote-exec provisioner

Terraform cannot connect to the resource to run the script, so the provisioner fails.

Always provide correct connection info like user, host, and authentication method.

Using provisioners for complex or long-running configuration tasks

Provisioners can cause apply to fail or hang if scripts take too long or have errors.

Use configuration management tools or cloud-init for complex setups instead of provisioners.

Ignoring provisioner failures and continuing apply

Provisioner errors mean the resource is not fully configured, causing runtime problems.

Fix script errors and rerun apply until provisioners succeed.

Summary

Initialize Terraform with 'terraform init' to prepare the environment.

Create resources and run provisioner scripts with 'terraform apply'.

Verify resource creation and state with 'terraform show'.