Terraform
local-exec Provisioner
The local-exec
provisioner invokes a local executable after a resource is
created. This invokes a process on the machine running Terraform, not on the
resource. See the remote-exec
provisioner to run commands on the
resource.
Note that even though the resource will be fully created when the provisioner is
run, there is no guarantee that it will be in an operable state - for example
system services such as sshd
may not be started yet on compute resources.
Important: Use provisioners as a last resort. There are better alternatives for most situations. Refer to Declaring Provisioners for more details.
Example usage
resource "aws_instance" "web" {
# ...
provisioner "local-exec" {
command = "echo ${self.private_ip} >> private_ips.txt"
}
}
Argument Reference
The following arguments are supported:
command
- (Required) This is the command to execute. It can be provided as a relative path to the current working directory or as an absolute path. Thecommand
is evaluated in a shell and can use environment variables for variable substitution. We do not recommend using Terraform variables for variable substitution because doing so can lead to shell injection vulnerabilities. Instead, you should pass Terraform variables to a command through theenvironment
parameter and use environment variable substitution instead. Refer to the following OWASP article for additional information about injection flaws: Code Injection.working_dir
- (Optional) If provided, specifies the working directory wherecommand
will be executed. It can be provided as a relative path to the current working directory or as an absolute path. The directory must exist.interpreter
- (Optional) If provided, this is a list of interpreter arguments used to execute the command. The first argument is the interpreter itself. It can be provided as a relative path to the current working directory or as an absolute path. The remaining arguments are appended prior to the command. This allows building command lines of the form "/bin/bash", "-c", "echo foo". Ifinterpreter
is unspecified, sensible defaults will be chosen based on the system OS.environment
- (Optional) block of key value pairs representing the environment of the executed command. inherits the current process environment.when
- (Optional) If provided, specifies when Terraform will execute the command. For example,when = destroy
specifies that the provisioner will run when the associated resource is destroyed. Refer to Destroy-Time Provisioners for details.quiet
- (Optional) If set totrue
, Terraform will not print the command to be executed to stdout, and will instead print "Suppressed by quiet=true". Note that the output of the command will still be printed in any case.
Interpreter Examples
resource "terraform_data" "example1" {
provisioner "local-exec" {
command = "open WFH, '>completed.txt' and print WFH scalar localtime"
interpreter = ["perl", "-e"]
}
}
resource "terraform_data" "example2" {
provisioner "local-exec" {
command = "Get-Date > completed.txt"
interpreter = ["PowerShell", "-Command"]
}
}
resource "aws_instance" "web" {
# ...
provisioner "local-exec" {
command = "echo $FOO $BAR $BAZ >> env_vars.txt"
environment = {
FOO = "bar"
BAR = 1
BAZ = "true"
}
}
}