Imagine you’ve just built a new house with Terraform. Now you need to decorate it, wire it, and move in furniture. Provisioners are the tools that let you run those finishing touches - whether it’s running a script locally, configuring the house remotely, or copying files into it. Terraform provides three main types of provisioners, each with its own role in completing the setup.

Key Concepts

1. Local-Exec Provisioner

• Definition: Runs a command locally on the machine where Terraform is executed.
• Use case: Trigger scripts, notify external systems, log events.
• Pros: Simple, great for CI/CD integration.
• Cons: Runs only on the local machine, not inside the resource.

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  provisioner "local-exec" {
    command = "echo Instance ${self.id} created >> instances.log"
  }
}

2. Remote-Exec Provisioner

• Definition: Runs commands on a remote resource via SSH (Linux) or WinRM (Windows).
• Use case: Bootstrapping servers, installing software, configuring services.
• Pros: Directly configures the resource after creation.
• Cons: Requires SSH/WinRM connectivity; fragile if networking isn’t ready.

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update",
      "sudo apt-get install -y apache2"
    ]
  }
}

3. File Provisioner

• Definition: Copies files from the local machine to the remote resource.
• Use case: Upload configuration files, scripts, or templates.
• Pros: Quick way to transfer files.
• Cons: Limited to file copy; requires remote connectivity.

resource "aws_instance" "app" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"

  provisioner "file" {
    source      = "app.conf"
    destination = "/etc/app/app.conf"
  }
}

Hands‑On Lab / Demo

Lab: Combining Provisioners

1. Create an EC2 instance.
2. Use local-exec to log the instance ID locally.

Use remote-exec to run the script:hcl

provisioner "remote-exec" {
  inline = [
    "chmod +x /tmp/setup.sh",
    "sudo /tmp/setup.sh"
  ]
}

Use file provisioner to copy a script:

provisioner "file" {
  source      = "setup.sh"
  destination = "/tmp/setup.sh"
}

Pro Tips & Best Practices

• Use provisioners sparingly - prefer configuration management tools for complex setups.
• Keep commands idempotent (safe to run multiple times).
• Always test provisioners in staging before production.
• Document why a provisioner is used.
• Combine file + remote-exec for file transfer and execution.

Summary & Cheatsheet

• Local-exec: Runs commands locally.
• Remote-exec: Runs commands remotely via SSH/WinRM.
• File: Copies files to remote resources.
• Best practice: Use provisioners only for last‑mile tasks.

Quick mnemonic: Local = Trigger, Remote = Configure, File = Copy

The Hackers Notebook

Provisioners are Terraform’s last‑mile helpers, giving you the ability to run commands, copy files, and bootstrap resources. By understanding the three types - local-exec, remote-exec, and file - you can finish infrastructure setups with precision.