Terraform provisioners should generally be used as a last resort or as a final option because they introduce some limitations and potential complexities to your infrastructure provisioning process. Here are a few reasons why it's advisable to use Terraform provisioners sparingly:
- Separation of Concerns: Terraform focuses primarily on infrastructure provisioning and management. It is designed to handle resource creation, updates, and deletions. By keeping the provisioning logic separate from configuration management or other tasks, you can maintain a clear separation of concerns and leverage specialized tools for each task. 
- Idempotency: Terraform's core strength lies in its ability to ensure the desired state of your infrastructure. It achieves this by comparing the desired state declared in your configuration files with the current state of the infrastructure and making the necessary changes to align them. Provisioners, on the other hand, introduce imperative actions that may not be idempotent. This means that running the same provisioner multiple times may lead to inconsistent results or unwanted side effects. 
- Dependencies and Ordering: Terraform handles resource dependencies and ordering automatically based on the defined relationships between resources. Provisioners, however, can introduce additional dependencies and ordering challenges since they rely on the availability and state of other resources. This can make it more difficult to manage complex provisioning sequences or handle failures gracefully. 
- Portability: Provisioners often rely on specific tools or scripts that may be tied to a particular operating system, environment, or external dependencies. This can limit the portability of your Terraform configurations across different environments or cloud providers, potentially causing compatibility issues or extra maintenance efforts. 
- Maintenance and Updates: Provisioners typically require more maintenance compared to other Terraform resources. If the provisioner logic or the external tooling it relies on needs to be updated or changed, it may require modifications to your Terraform configuration files, increasing complexity and potential errors. 
While Terraform provisioners have their use cases, it's generally recommended to explore other options first, such as using native cloud provider APIs, infrastructure-as-code best practices, or specialized configuration management tools (like Ansible, Chef, or Puppet) for more complex configuration tasks. This approach helps maintain the separation of concerns, improves idempotency, and ensures a more streamlined and manageable infrastructure provisioning process.
 
 

