Terraform vs. Ansible: How do these DevOps tools differ?

There is some overlap between the two tools, but they really should coexist. Here we show you where Ansible and Terraform fit into your cloud-native, DevOps stack.

Software developers are often called upon to implement the logic required by IaC platforms, such as Terraform and Ansible. But to properly write the YAML, JSON or DSL file that will spin up Docker containers or shut down Kubernetes clusters, a developer must understand the nature and purpose of the tools they are about to codify.

Ansible and Terraform are two offerings often used as infrastructure-as-code (IaC) platforms. Although distinct in purpose, the two tools do have some overlap, which often triggers some confusion.

Here, we will examine what software developers need to know when contrasting Terraform vs. Ansible.

In short, Terraform is an open source, IaC platform. In contrast, Ansible is an open source configuration management tool. Developers can use Ansible and Terraform at the same time; one does not necessarily replace the need for the other.

How Terraform works

Terraform, created by HashiCorp, provides a syntax to define infrastructure and services that can be hosted either on premises or in the cloud. You can use the DevOps tool to configure anything from Azure services to virtual machines running in VMware ESXi to DNS entries in Cloudflare.

Terraform HCL
Sample Terraform HCL code used to create an Azure resource.

Terraform users define how to create, update, replace and delete resources with a programming language called HashiCorp configuration language (HCL). HCL is an interpreted language, designed to be more forgiving and easier to use than alternatives like Java or Kotlin. HCL was designed so DevOps professionals with minimal coding experience could pick up the syntax quickly.

How Ansible works

In contrast with Terraform, Ansible is a configuration management tool created by Red Hat. When it comes to Ansible, it's very similar to Terraform in terms of what you can create with it. For example, you can also create the Azure Resource Group that you saw in the previous section with Terraform.

Ansible YAML
Unlike Terraform, Ansible uses YAML for resource creation.

However, unlike Terraform, Ansible uses YAML, a data serialization standard for programming languages, to define how resources will be provisioned. To the left is a screenshot showing sample Ansible code to create an Azure Resource Group.

In our two Terraform vs. Ansible code examples, we've used the tools to create a cloud-based resource. But in practice, that's more the job of an IaC tool like Terraform, as opposed to a configuration management tool like Ansible. Just because you can create resources with Ansible, it doesn't necessarily mean you should.

How to combine Terraform and Ansible

DevOps pros should always use the best tool for the job. Ansible and Terraform are complementary tools that are commonly used together. The decision to include Ansible and Terraform in your DevOps stack is not an either-or decision.

Use Terraform to create resources and services. Then use Ansible to configure the resources Terraform created.

For example, imagine you need to provision an Amazon Elastic Compute Cloud (EC2) instance for infrastructure. And on that instance, you'll need to install a MySQL server and configure it with a variety of port settings, security constraints and performance optimization parameters.

In this scenario, you should use Terraform to define how to create a virtual machine as an EC2 instance in the AWS cloud. You would then use Ansible to install and configure the MySQL database. As you can see, Ansible and Terraform address two separate DevOps concerns. They are complementary, not competitive.

Dig Deeper on DevOps-driven, cloud-native app development

App Architecture
Software Quality
Cloud Computing