Terraform Provisioners: The Most Misunderstood Feature in IaC

Most engineers don’t start with Terraform provisioners. They arrive there naturally. You provision an EC2 instance. You SSH into it. You install what you need. Then you think: “Why not automate this part too?” So you reach for provisioners. remote-exec to run commands file to copy scripts local-exec to glue workflows together And for a moment — everything feels clean and automated. Until it doesn’t. The Moment Things Break You update your script. Run: terraform apply ` And… nothing happens. No commands run. No changes applied. No errors. Just silence. This is the moment most people think something is broken. But nothing is broken. Terraform is doing exactly what it was designed to do. The Core Misunderstanding Terraform is declarative . It cares about the state of infrastructure — not the steps to configure it. Provisioners, on the other hand, are imperative . They introduce instructions like: Run this command Copy this file Execute this script That’s a completely different model. What