If you try to call a provider function in Terraform and see:
Error: Unknown function
the failure is usually not about syntax. It is about function registration.
Terraform only recognizes two categories of functions:
- Built-in Terraform functions
- Provider-defined functions registered by a provider
If a provider does not register the function, Terraform cannot resolve the symbol during expression evaluation. The plan fails before any resources are created.
Terraform 1.8 introduced provider-defined functions, which allow providers to extend the Terraform language without modifying Terraform core. These functions run during expression evaluation at plan time, not during resource creation.
The AWS provider currently exposes a small set of these functions, including:
arn_parsearn_buildtrim_iam_role_pathuser_agent
These functions are designed to handle AWS-specific string structures, especially ARNs, in a structured and deterministic way.
One critical detail:
Provider-defined functions do not create Terraform state. They simply compute values that Terraform can pass into resources, locals, or outputs.
Understanding this boundary helps explain many common Terraform errors and prevents engineers from assuming providers behave like large utility libraries.
This lesson breaks down the internal mechanism so the behavior becomes predictable rather than mysterious.