Using Terraform and Ansible Together

Provision infrastructure with Terraform, then configure it via Ansible. Get workflows, code samples, and best-practice tips—all in one concise guide.

Sebastian Stadil

3 min read

In today's fast-paced IT environments, automation is king. Two titans in this realm are Terraform and Ansible. Terraform excels at provisioning and managing your infrastructure (the "what" and "where"), while Ansible shines in configuring that infrastructure and deploying applications (the "how"). Used together, they offer a potent combination for end-to-end automation.

The "Why": Synergistic Strengths

Terraform's declarative approach allows you to define your desired infrastructure state, and it figures out how to get there. Its state management is crucial for tracking resources. Ansible, with its procedural approach and vast module library, then steps in to meticulously set up software, apply policies, and deploy code on the provisioned resources.

Key Benefits of Using Them Together:

  • End-to-End Automation: From bare cloud resources to fully configured applications.
  • Consistency & Reliability: Infrastructure and configuration as code minimize errors.
  • Scalability: Easily scale infrastructure with Terraform and configure new resources with Ansible.
  • Efficiency: Drastically reduces manual effort and deployment times.

Core Differences at a Glance

Feature

Terraform

Ansible

Primary Use Case

Infrastructure Orchestration & Provisioning

Configuration Management & Application Deployment

Approach

Declarative

Procedural/Imperative

State Management

Stateful (maintains a .tfstate file)

Largely Stateless (by default)

Resource Lifecycle

Strong (create, update, destroy)

Focus on configuration of existing resources

Integration in Practice: A Simple Example

A common way to integrate is by having Terraform provision a server and then trigger an Ansible playbook to configure it.

Terraform (main.tf):

provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "web_server" {
  ami           = "ami-08d70e59c07c61a3a" // Example: Amazon Linux 2 AMI
  instance_type = "t2.micro"

  tags = {
    Name = "MyWebServer"
  }
}

// Output the public IP to use with Ansible
output "web_server_ip" {
  value = aws_instance.web_server.public_ip
}

// Example: Trigger Ansible after creation (simplified for brevity)
// In more robust setups, dynamic inventory is preferred.
resource "null_resource" "run_ansible" {
  depends_on = [aws_instance.web_server]

  provisioner "local-exec" {
    command = "ansible-playbook -i '${aws_instance.web_server.public_ip},' --private-key ~/.ssh/your-aws-key.pem playbooks/setup_nginx.yml -u ec2-user"
  }
}

Ansible Playbook (playbooks/setup_nginx.yml):

---
- hosts: all
  become: yes
  tasks:
    - name: Ensure Nginx is installed
      package:
        name: nginx
        state: present
        update_cache: yes # For Debian/Ubuntu based systems

    - name: Ensure Nginx is running and enabled
      service:
        name: nginx
        state: started
        enabled: yes

    - name: Deploy a simple index page
      copy:
        content: "<h1>Hello from Terraform and Ansible!</h1>"
        dest: /usr/share/nginx/html/index.html

Note: This local-exec method is simple but tightly couples the tools. For more complex or collaborative environments, using dynamic inventory scripts that read Terraform state or outputs is generally a better practice.

While the Terraform and Ansible duo is powerful, scaling their use across an organization introduces operational challenges:

  • State Management: Securely storing, sharing, and managing access to Terraform state files.
  • Inventory Synchronization: Keeping Ansible's view of the infrastructure consistently up-to-date.
  • Secrets Management: Handling sensitive data like API keys and credentials securely.
  • Collaboration & Governance: Ensuring consistent workflows, enforcing policies (e.g., tagging, security), and managing role-based access control (RBAC) across multiple teams and environments.
  • Visibility & Cost Control: Tracking resource usage and associated costs across diverse projects.

These complexities often lead organizations to seek solutions that provide a higher-level management plane. While vendor-specific offerings like HCP Terraform or Ansible Automation Platform address parts of this, a comprehensive approach to environment management as a service becomes crucial. Platforms that centralize IaC operations, streamline environment provisioning, enforce governance, and provide clear visibility can significantly reduce the operational burden.

Solutions like Scalr, for instance, are designed to tackle these exact challenges by offering a structured framework for managing multiple Terraform and Ansible workflows, enabling self-service for development teams while maintaining central control and policy enforcement. They help bridge the gap between the power of these tools and the practicalities of using them effectively and securely at scale, ensuring that your automation efforts truly accelerate innovation rather than creating new operational bottlenecks.

By understanding both the strengths of Terraform and Ansible and the potential complexities of their scaled deployment, organizations can make informed decisions about the tools and platforms that will best support their automation journey.