Terraform provisioners allow you to run scripts or commands on a resource after it is created. What is the main reason for using provisioners in Terraform?
Think about what Terraform can and cannot do by itself when creating resources.
Provisioners run scripts on resources to perform configuration steps that Terraform does not support natively, such as installing software or running setup commands immediately after resource creation.
Which scenario is NOT a good reason to use Terraform provisioners?
Consider if Terraform already supports configuring the resource without extra scripts.
If Terraform supports configuring a resource natively, using provisioners is unnecessary and can complicate your infrastructure code.
Consider a Terraform configuration with a local-exec provisioner that runs a script on a resource. What is the behavior if the script returns a non-zero exit code?
Think about how Terraform treats errors during resource provisioning.
If a provisioner script fails, Terraform treats it as a failure of the resource creation or update, stops the apply process, and marks the resource as tainted.
Running scripts on resources with provisioners can introduce security risks. Which of the following is a common risk?
Consider how sensitive information is handled in scripts and Terraform configurations.
Embedding secrets directly in provisioner scripts or Terraform files can expose sensitive data in version control or logs, creating security vulnerabilities.
Which statement best describes the recommended best practice for using Terraform provisioners?
Think about maintainability and reliability of infrastructure code.
Provisioners should be used sparingly and only when Terraform's native resource capabilities cannot perform the needed configuration, to keep infrastructure code clean and reliable.