Hi @rmattier,
In the ideal case, Terraform should not need direct access to the machines it’s deploying because provisioners are a last resort. Indeed, that section alludes to this very problem as one of the justifications for seeking other approaches where possible:
> Secondly, successful use of provisioners requires coordinating many more details than Terraform usage usually requires: direct network access to your servers, issuing Terraform credentials to log in, making sure that all of the necessary external software is installed, etc.
Without knowing the details of what you are setting up I can’t make specific recommendations or even be sure that there is an option other than provisioners, but hopefully the ideas in that section are helpful in giving you some other approaches that might allow the machines to self-bootstrap rather than requiring direct provisioning via Terraform.
If you aren’t sure how to make use of that advice in your specific situation then I’m happy to try to answer some more specific questions.