I wanted to share a demo that walks through how Red Hat Ansible Automation Platform can be integrated with HashiCorp Terraform to automate infrastructure across the full lifecycle — from provisioning infrastructure to configuring services on top of it.
Many teams treat these tools as completely separate layers:
- Terraform provisions infrastructure
- Configuration tools install software later
- Operations teams handle everything after that
In practice, that often leads to gaps between provisioning and day-2 operations. This demo shows one way to connect those pieces together.
What the workflow looks like
The example workflow starts in Ansible Automation Platform and then hands off provisioning to Terraform:
1. A job in Ansible Automation Platform triggers a Terraform Enterprise project.
2. Terraform provisions infrastructure in Amazon Web Services.
3. After provisioning completes, Ansible synchronizes the new infrastructure into its inventory.
4. Ansible then runs configuration tasks to install and configure an NGINX web server.
5. Finally, a simple insurance company website is deployed to demonstrate application configuration.
This approach lets Terraform focus on infrastructure provisioning, while Ansible handles configuration, orchestration, and lifecycle automation after the infrastructure exists.
Why this pattern can be useful
Some practical benefits of combining the tools this way:
- Clear separation of responsibilities
  - Terraform handles infrastructure state
  - Ansible handles configuration and operational automation
- Automated handoff between layers
  - Newly created infrastructure automatically becomes available to Ansible workflows
- End-to-end automation
  - Instead of stopping at provisioning, automation continues into configuration and service deployment
- Easier lifecycle management
  - Build, configure, operate, and eventually retire infrastructure using coordinated workflows
Demo video
Hicham put together a walkthrough showing the full flow:
Curious how others are approaching this
I’m interested in hearing how others are combining Terraform and Ansible in real environments.
Some questions that come up often:
- Do you trigger Terraform from Ansible, or keep them as separate pipelines?
- How are you handling inventory synchronization after provisioning?
- Are you using Terraform Cloud / Enterprise, or running Terraform locally in CI?
- How do you structure Day-2 automation once infrastructure exists?
Would love to hear how others are structuring their workflows.
I am relatively new to both platforms and trying to implement something very similar to what you have outlined, using Ansible for the overall controller.
My concern with this approach is the inability to easily review the terraform plan before the terraform apply. For now I am using tags in Ansible to manage this part of the lifecycle, so that the default behavior of the terraform task is to plan without apply.
I have it configured so that I can use tags to apply, but also worry about the correct use of tags so I also have a separate playbook for the apply as well. I am still early on the creation process and haven’t decided which will be the final solution.
Once I have fully configured the playbooks and terraform, I want to transition to using pipelines from my repositories, but I haven’t figured out a good way to review and suspect I am going to have to surrender that review in order to fully automate the process.
I would be very interested to hear if others are also attempting to manage the full lifecycle with this approach.
I hadn’t even thought to look for a terraform module.
I don’t use the terraform cloud so I am guessing that I cannot use the cloud.terraform module.
I might look at using the community.general.terraform module to do the terraform things, but without stdout, I will probably still need to use the command to ‘terraform show -no-color .tfplan’ so I can actually read the output in the ansible stream.
cloud.terraform.terraform is basically a fork of community.general.terraform. I think the “cloud” in cloud.terraform was used because Terraform is generally used with cloud services, not because of “Terraform Cloud” (whatever that is, I only ever used the CLI program).
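On the question raised in the thread of keeping a plan review once the apply moves into a pipeline: the following is an added example, not code from any participant or from either project. It reads the JSON form of a saved plan (`terraform show -json <planfile>`) and allows an unattended apply only when nothing is deleted, replaced, or changed in a sensitive resource type. The names `review_plan` and `SENSITIVE_TYPES`, the policy itself, and the sample plan are assumptions made for illustration.

```python
import json

# Assumed policy: any change to these resource types needs a human reviewer.
SENSITIVE_TYPES = {"aws_security_group", "aws_security_group_rule",
                   "aws_iam_role", "aws_iam_policy"}


def review_plan(plan_json: str) -> dict:
    """Classify a plan produced by `terraform show -json <planfile>`.

    Returns {"auto_apply": bool, "findings": [str, ...]}. A plan that does not
    have the expected structure raises, so the gate fails closed.
    """
    plan = json.loads(plan_json)
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = set(rc["change"]["actions"])
        if actions <= {"no-op", "read"}:
            continue  # nothing is modified
        if "delete" in actions:
            # ["delete", "create"] or ["create", "delete"] means a replacement
            kind = "replace" if "create" in actions else "delete"
            findings.append(f"{kind}: {rc['address']}")
        elif rc.get("type") in SENSITIVE_TYPES:
            verbs = "/".join(sorted(actions))
            findings.append(f"sensitive {verbs}: {rc['address']}")
    return {"auto_apply": not findings, "findings": findings}


# Constructed sample plan, trimmed to the fields the gate reads.
SAMPLE_PLAN = json.dumps({"format_version": "1.2", "resource_changes": [
    {"address": "aws_instance.web", "type": "aws_instance",
     "change": {"actions": ["create"]}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["update"]}},
    {"address": "aws_db_instance.main", "type": "aws_db_instance",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["no-op"]}},
]})

if __name__ == "__main__":
    result = review_plan(SAMPLE_PLAN)
    for finding in result["findings"]:
        print("NEEDS REVIEW:", finding)
    # Exit code 2 tells the calling job to stop and wait for approval.
    raise SystemExit(0 if result["auto_apply"] else 2)
```

Called from a command task between the plan and apply steps, a non-zero exit code stops the play, and applying the same saved plan file after approval ensures that what was reviewed is what runs.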