Provider caching and mirrors in Terraform - Commands & Configuration

Introduction
Terraform uses providers to interact with cloud services. Sometimes downloading providers can be slow or unreliable. Provider caching and mirrors help speed up downloads and improve reliability by storing providers locally or using alternative sources.
When you want to speed up Terraform runs by avoiding repeated downloads of providers.
When your network has limited or unreliable internet access to the official Terraform provider registry.
When you want to use a private or internal mirror of providers for security or compliance reasons.
When working in a team and you want everyone to use the same provider versions from a shared cache.
When you want to reduce external dependencies in automated CI/CD pipelines.
Config File - terraform.rc
terraform.rc
provider_installation {
  filesystem_mirror {
    path    = "/usr/local/share/terraform/providers"
    include = ["registry.terraform.io/hashicorp/*"]
  }
  direct {
    exclude = ["registry.terraform.io/hashicorp/*"]
  }
}

This configuration file tells Terraform to look for providers first in a local folder /usr/local/share/terraform/providers for all HashiCorp providers. If not found there, it will try to download directly from the official registry.

provider_installation: Main block to configure provider sources.

filesystem_mirror: Defines a local folder mirror for providers matching the include pattern.

direct: Fallback to download providers directly from the registry if not found in the mirror.

Commands
Initializes Terraform, downloads providers using the caching and mirror settings from terraform.rc.
Terminal
terraform init
Expected Output
Initializing the backend...

Initializing provider plugins...
- Finding hashicorp/aws versions matching ">= 3.0.0"
- Installing hashicorp/aws v4.50.0...
- Installed hashicorp/aws v4.50.0 (signed by HashiCorp)

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
Lists cached provider files in the local mirror directory to verify caching.
Terminal
ls /usr/local/share/terraform/providers
Expected Output
registry.terraform.io
Shows the providers Terraform is using for the current configuration and their sources.
Terminal
terraform providers
Expected Output
Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws]

Provider source addresses:
- registry.terraform.io/hashicorp/aws
Key Concept

If you remember nothing else from this pattern, remember: configuring provider caching and mirrors lets Terraform reuse providers locally to save time and improve reliability.

Common Mistakes
Not creating or populating the local mirror directory with provider files.
Terraform will try to download providers directly if the mirror folder is empty, defeating the purpose of caching.
Download providers once with internet access, then copy them into the mirror folder for offline or faster reuse.
Misconfiguring the include or exclude patterns in terraform.rc.
Terraform may skip the mirror or try to download providers unnecessarily if patterns do not match provider addresses.
Use correct glob patterns matching the provider source addresses exactly, e.g., "registry.terraform.io/hashicorp/*".
Placing terraform.rc in the wrong location or with the wrong filename.
Terraform will not read the configuration and caching will not work.
Place terraform.rc in the home directory or the directory where Terraform is run, with the exact filename terraform.rc.
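The first mistake above, an empty or wrongly laid-out mirror, is not caught by a plain ls of the mirror root. The shell functions below are an added example, not part of the original page: they inventory a mirror directory using the two layouts Terraform accepts for filesystem mirrors. The function names (list_mirror_packages, mirror_has, demo_mirror) and the sample mirror contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: inventory a Terraform filesystem mirror by name and layout only
# (archive contents and checksums are not inspected). Accepted layouts:
#   unpacked: HOST/NAMESPACE/TYPE/VERSION/OS_ARCH/   (a directory)
#   packed:   HOST/NAMESPACE/TYPE/terraform-provider-TYPE_VERSION_OS_ARCH.zip

# Print "SOURCE VERSION PLATFORM LAYOUT" per package; return 1 if none is found.
list_mirror_packages() {
  root=${1%/}
  [ -d "$root" ] || { echo "mirror root not found: $root" >&2; return 2; }
  out=$(
    find "$root" -mindepth 5 -maxdepth 5 -type d -name '*_*' | sort |
    while IFS= read -r dir; do
      rel=${dir#"$root"/}; rest=${rel%/*}
      echo "${rest%/*} ${rest##*/} ${rel##*/} unpacked"
    done
    find "$root" -mindepth 4 -maxdepth 4 -type f -name 'terraform-provider-*.zip' | sort |
    while IFS= read -r zip; do
      rel=${zip#"$root"/}; src=${rel%/*}; ptype=${src##*/}
      stem=${rel##*/}; stem=${stem%.zip}; stem=${stem#"terraform-provider-${ptype}_"}
      case $stem in
        terraform-provider-*) continue ;;  # file name does not match TYPE directory
        *_*_*) echo "$src ${stem%%_*} ${stem#*_} packed" ;;
      esac
    done
  )
  [ -n "$out" ] || return 1
  printf '%s\n' "$out"
}

# Succeed only if SOURCE at VERSION for PLATFORM exists in the mirror at ROOT.
mirror_has() {
  list_mirror_packages "$1" 2>/dev/null |
    grep -qxF -e "$2 $3 $4 unpacked" -e "$2 $3 $4 packed"
}

# Constructed sample mirror; the random provider version is illustrative.
demo_mirror() {
  d=$(mktemp -d)
  mkdir -p "$d/registry.terraform.io/hashicorp/aws/4.50.0/linux_amd64" \
           "$d/registry.terraform.io/hashicorp/random"
  : > "$d/registry.terraform.io/hashicorp/random/terraform-provider-random_3.5.1_linux_amd64.zip"
  echo "$d"
}

demo=$(demo_mirror)
list_mirror_packages "$demo"
mirror_has "$demo" registry.terraform.io/hashicorp/aws 4.50.0 darwin_arm64 ||
  echo "missing: hashicorp/aws 4.50.0 for darwin_arm64"
rm -rf "$demo"
```

A mirror populated with terraform providers mirror <dir> uses the packed layout. Running mirror_has in CI before terraform init catches a mirror that lacks the package for the runner's platform.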
Summary
Create a terraform.rc file to configure provider caching and mirrors.
Use terraform init to initialize and download providers using the cache or mirror.
Verify cached providers exist in the local mirror directory.
Use terraform providers to check which providers are used and their sources.

Practice

1. What is the main purpose of provider caching in Terraform?
easy
A. To encrypt provider plugins for security
B. To store provider plugins locally and speed up Terraform runs
C. To delete unused providers automatically
D. To force Terraform to always download providers from the internet

Solution

  1. Step 1: Understand provider caching concept

    Provider caching means saving provider plugins on your local machine so Terraform doesn't need to download them every time.
  2. Step 2: Identify the benefit of caching

    This local storage speeds up Terraform runs by avoiding repeated downloads.
  3. Final Answer:

    To store provider plugins locally and speed up Terraform runs -> Option B
  4. Quick Check:

    Provider caching = local storage for speed [OK]
Hint: Caching means saving locally to avoid repeated downloads [OK]
Common Mistakes:
  • Thinking caching deletes providers
  • Confusing caching with encryption
  • Assuming caching forces downloads
2. Which block is used in Terraform configuration to specify a local directory for provider caching?
easy
A. direct
B. cache_location
C. filesystem_mirror
D. provider_cache

Solution

  1. Step 1: Recall Terraform provider mirror blocks

    Terraform uses filesystem_mirror blocks to define local directories for caching providers.
  2. Step 2: Confirm correct block name

    The direct block is for direct downloads, not caching. Other options are invalid.
  3. Final Answer:

    filesystem_mirror -> Option C
  4. Quick Check:

    Local cache directory = filesystem_mirror [OK]
Hint: Filesystem mirror means local cache folder [OK]
Common Mistakes:
  • Confusing direct with caching block
  • Using non-existent block names
  • Assuming provider_cache is valid
3. Given this Terraform CLI configuration snippet:
provider_installation {
  filesystem_mirror {
    path    = "/cache/providers"
  }
  direct {
    exclude = ["hashicorp/aws"]
  }
}

What happens when Terraform needs the hashicorp/aws provider?
medium
A. Terraform downloads hashicorp/aws directly from the internet
B. Terraform uses the cached version from /cache/providers
C. Terraform throws an error because hashicorp/aws is excluded
D. Terraform ignores the provider and continues without it

Solution

  1. Step 1: Analyze the filesystem_mirror and direct blocks

    The filesystem_mirror caches providers locally except those excluded in direct.
  2. Step 2: Understand the exclude setting

    The direct block excludes hashicorp/aws, so Terraform will not use the cache for it.
  3. Step 3: Determine provider source

    Terraform downloads hashicorp/aws directly from the internet.
  4. Final Answer:

    Terraform downloads hashicorp/aws directly from the internet -> Option A
  5. Quick Check:

    Exclude means direct download [OK]
Hint: Exclude in direct means download from internet [OK]
Common Mistakes:
  • Assuming excluded providers use cache
  • Thinking exclusion causes errors
  • Believing providers are ignored if excluded
4. You configured a filesystem_mirror path but Terraform still downloads providers from the internet. What is the most likely cause?
medium
A. The filesystem_mirror path is incorrect or inaccessible
B. Terraform does not support provider caching
C. You forgot to install Terraform CLI
D. The provider version is not specified in configuration

Solution

  1. Step 1: Check filesystem_mirror path validity

    If the path is wrong or Terraform cannot access it, caching won't work and providers download from the internet.
  2. Step 2: Rule out other causes

    Terraform supports caching, CLI must be installed, and version absence doesn't force downloads if cache is valid.
  3. Final Answer:

    The filesystem_mirror path is incorrect or inaccessible -> Option A
  4. Quick Check:

    Invalid cache path causes downloads [OK]
Hint: Check cache path accessibility first [OK]
Common Mistakes:
  • Assuming Terraform lacks caching support
  • Ignoring filesystem permissions
  • Blaming missing provider version
5. You want to speed up Terraform runs in a team by caching providers locally but still allow direct downloads for some custom providers. Which configuration correctly achieves this?
hard
A.
provider_installation {
  direct {
    include = ["customcorp/custom"]
  }
  filesystem_mirror {
    path = "/team/cache"
  }
}
B.
provider_installation {
  direct {
    path = "/team/cache"
  }
  filesystem_mirror {
    exclude = ["customcorp/custom"]
  }
}
C.
provider_installation {
  filesystem_mirror {
    exclude = ["customcorp/custom"]
  }
  direct {
    path = "/team/cache"
  }
}
D.
provider_installation {
  filesystem_mirror {
    path = "/team/cache"
  }
  direct {
    exclude = ["customcorp/custom"]
  }
}

Solution

  1. Step 1: Understand correct block usage

    filesystem_mirror defines the local cache path; direct defines providers to download directly.
  2. Step 2: Check correct syntax and order

    provider_installation {
      filesystem_mirror {
        path = "/team/cache"
      }
      direct {
        exclude = ["customcorp/custom"]
      }
    }
    correctly sets filesystem_mirror with path and direct with exclude list for custom providers.
  3. Step 3: Identify incorrect options

    Other options misuse keys or swap path and exclude incorrectly.
  4. Final Answer:

    provider_installation {
      filesystem_mirror {
        path = "/team/cache"
      }
      direct {
        exclude = ["customcorp/custom"]
      }
    }
    -> Option D
  5. Quick Check:

    Cache path in filesystem_mirror, exclude in direct [OK]
Hint: Cache path in filesystem_mirror, exclude in direct block [OK]
Common Mistakes:
  • Swapping path and exclude keys
  • Putting exclude in filesystem_mirror
  • Misplacing block order