In today’s hybrid and multi-cloud world, there has been an explosion of new applications, tools, and services that organizations can now use to become more efficient. But as the number of providers and services used increases, it gets increasingly harder for clients to manage their infrastructure across public clouds and on-premise infrastructure.
Over 1 billion cloud applications are predicted to be created by 2028, and the effort to build and maintain these will push far beyond the capacity of humans to support, magnifying organizational risk and complexity.
This new landscape prompts the need for more effective Infrastructure Lifecycle Management that uses pervasive automation to build (Day 0), deploy (Day 1), and then manage (Day 2+) infrastructure over time.
Infrastructure provisioning and configuration management will play a huge role in this push for more effective ILM, and the most popular products in those two categories are Terraform and Ansible. This post introduces a new feature in Terraform that sets the stage for deeper Ansible and Terraform workflow integration, leading to even better automated Day 2+ outcomes.
»Terraform 🤝 Ansible
Terraform and Ansible are two of the most widely used tools in infrastructure management. Here’s how they typically work in their individual roles:
- Day 0: Terraform is excellent at provisioning infrastructure. It can prepare and provision complex resource architectures, including servers, networks, storage, etc. according to pre-written infrastructure as code files. Terraform excels at going from nothing to something.
- Day 1: Ansible excels at configuration management. It can modify and maintain existing infrastructure consistently with infrastructure as code files.
And then there’s Day 2 after deployment — most of the operational burden happens here. Both products also have use cases for Day 2:
- Day 2: Terraform and Ansible work together to keep your infrastructure healthy over time, and ensure smooth decommissioning when resources are no longer needed.
Terraform continuously monitors for any drift from the intended infrastructure state and manages the decommissioning of resources when they are no longer needed. Ansible helps with tasks like health checks, updates, and patching for the application and operating system, as well as automating incident response.
However, challenges can arise when Day 2 operations, particularly those involving modifications to resources managed by Terraform, occur outside of the Terraform workflow. For example, in AWS environments managed by Terraform, teams often need to manually invoke Lambda functions, create invalidation requests for Cloudfront’s cache, or send alerts and notifications via SNS.
This can lead to fragmented workflows and increased overhead, as it becomes difficult to maintain a single source of truth when changes take place across different systems. This has prompted the need for tighter integration between the two products.
»Introducing Terraform actions
Today, we’re taking our first step toward building a unified Terraform and Ansible infrastructure workflow — we’re announcing the public beta of Terraform actions, with support for actions in the Ansible Automation Platform (AAP) Terraform provider coming next week.
Terraform actions are pre-set operations built into providers that let Terraform perform Day 2 management operations. Actions can be invoked for a resource pre- or post-CRUD event (create, read, update, destroy) or ad hoc via the CLI (outside of the plan/apply cycle). Read more about configuring actions vs. invoking actions through the CLI in our invoke actions documentation.
The Terraform actions that are built for the AAP provider, as an example, will be able to dispatch an event that activates AAP’s Event Driven Automation (EDA) capability to trigger dynamic automation workflows from Ansible, all with just one Terraform apply. This interconnectivity helps unify your infrastructure toolset and reduce friction across Day 2 operations.
With actions, Terraform and Ansible users gain:
- A consistent inventory: When Terraform provisions or destroys a resource, this information can be synced with Ansible via the AAP provider so its inventory is updated appropriately. This helps eliminate manual inventory updates and centralizes visibility so organizations can maintain consistency across the tools.
- Native workflows: Terraform actions can trigger event-driven Ansible workflows, allowing for even more sophisticated infrastructure lifecycle automation and tighter execution control. This approach ensures smooth automation for Day 0 provisioning tasks like completing VM setup and accelerates the handoff to Day 1 and Day 2 configuration and operational management tasks.
»Getting started with Terraform and Ansible
Terraform actions represent the first step of many in our effort to help simplify infrastructure workflows for Terraform and Ansible users. For more information on getting started, please refer to the following resources:
- Invoke actions documentation
- New Red Hat Certified Content Collections for HashiCorp Terraform and HashiCorp Vault
For more HashiConf 2025 Infrastructure Lifecycle Management news, read our blog: Scale infrastructure with new Terraform and Packer features at HashiConf 2025.
