This is really a “you do you” type of decision. But basically, utilizing something like a Git repo for your code is the basics.
My situation is we have a team of 4 that use Ansible. Since it is 1 team, only 4 people, we haven’t tried to add the complexity of AWX or Tower (or whatever it’s called now lol). If we had multiple teams using it, we might look at something with a GUI interface, to be able to lock down based on groups, but we don’t currently have the need.
We have a Git repo, and I have 1 Dev Ansible server (using Ansible v8.3.0 command line). That is where I (and sometimes others) create & test new roles/playbooks/etc., as well as new versions of Ansible or Ansible Collections. Since our scope currently is just AWS, I use dynamic inventory files, so I can limit my testing to any combination of Dev, Staging, and Prod, depending on the need. We then have a Prod server that we use for day-to-day tasks.
I will note that we have a “files-temp” directory that is not tied to the Git repo for “one-off” playbooks - for example, if someone wanted to throw together a playbook that queries a setting on all servers. Stuff that doesn’t really need to go through any Git repo/SDLC process. Granted, if we had a bigger (or less trustworthy lol) group we might not allow this…
Standard Git process - develop/test things in Dev, when signed off, migrate changes to Prod.
We are currently being offered the use of Terraform here. You can Google search “Terraform and Ansible”; there are several articles about when to use each. We haven’t really gotten into it, but if we use it, we likely will draw a line and use Terraform for some things, Ansible for the rest. We are leaning towards “VPC level and above” in Terraform, purely because we don’t use Ansible for those now, as they are rare. If we do this, we will decide whether we actually run things through Terraform, or utilize Ansible collections to run the Terraform things for us. It’s very early for us in this realm, and we haven’t really decided if/how we will utilize Terraform. We use Ansible heavily with no issues, so there is no real reason to move away from something that works so well.
Hope these thoughts help.