The local-exec
provisioner invokes a local executable after a resource is
created. This invokes a process on the machine running Terraform, not on the
resource. See the remote-exec
provisioner to run commands on the
resource.
Note that even though the resource will be fully created when the provisioner is
run, there is no guarantee that it will be in an operable state - for example
system services such as sshd
may not be started yet on compute resources.
resource "aws_instance" "web" {
# ...
provisioner "local-exec" {
command = "echo ${self.private_ip} >> private_ips.txt"
}
}
The following arguments are supported:
command
- (Required) This is the command to execute. It can be provided
as a relative path to the current working directory or as an absolute path.
The command
is is evaluated in a shell and can use environment variables for
variable substitution. We do not recommend using Terraform variables for variable
substitution because doing so can lead to shell injection vulnerabilities. Instead, you should pass Terraform variables to a command
through the environment
parameter and use environment variable substitution
instead. Refer to the following OWASP article for additional information about injection flaws: Code Injection.
working_dir
- (Optional) If provided, specifies the working directory where
command
will be executed. It can be provided as a relative path to the
current working directory or as an absolute path. The directory must exist.
interpreter
- (Optional) If provided, this is a list of interpreter
arguments used to execute the command. The first argument is the
interpreter itself. It can be provided as a relative path to the current
working directory or as an absolute path. The remaining arguments are
appended prior to the command. This allows building command lines of the
form "/bin/bash", "-c", "echo foo". If interpreter
is unspecified,
sensible defaults will be chosen based on the system OS.
environment
- (Optional) block of key value pairs representing the
environment of the executed command. inherits the current process environment.
when
- (Optional) If provided, specifies when Terraform will execute the command.
For example, when = destroy
specifies that the provisioner will run when the associated resource
is destroyed. Refer to Destroy-Time Provisioners
for details.
quiet
- (Optional) If set to true
, Terraform will not print the command to be executed to stdout, and will instead print "Suppressed by quiet=true". Note that the output of the command will still be printed in any case.
resource "terraform_data" "example1" {
provisioner "local-exec" {
command = "open WFH, '>completed.txt' and print WFH scalar localtime"
interpreter = ["perl", "-e"]
}
}
resource "terraform_data" "example2" {
provisioner "local-exec" {
command = "Get-Date > completed.txt"
interpreter = ["PowerShell", "-Command"]
}
}
resource "aws_instance" "web" {
# ...
provisioner "local-exec" {
command = "echo $FOO $BAR $BAZ >> env_vars.txt"
environment = {
FOO = "bar"
BAR = 1
BAZ = "true"
}
}
}