Ansible vs. Terraform, clarified – Red Hat

As you research automation solutions, you’ve no doubt seen many terms used to describe the key differences and functionality of the products. Let’s define some of the most common ones and explore how they relate to each other, and to Ansible and Terraform.

Orchestration is the coordinated execution of multiple workflows. Each workflow executes one or more tasks. Orchestrated together, these workflows automate the configuration and management of complex systems, applications, and services. This coordination usually follows pre-established rules defined in a policy. Orchestration can also coordinate multiple automation solutions. Those, in turn, run the automation workflows.

Both Ansible and Terraform can act as orchestrators, as they can invoke multiple automation workflows in sequence following specific policies. Ansible has built-in modules for connecting to and managing other automation tools (including Terraform). As a result, you can standardize your automation approach across your entire IT estate, using Ansible as the top-level common language for all teams.

Provisioning is the process of creating and deploying IT infrastructure for applications and services


Both Ansible and Terraform can provision (and deprovision) IT infrastructure. Ansible can also provision applications and services.

Configuration management is the process of defining and maintaining the configuration of infrastructure, applications, and services.

Like many other automation solutions, Ansible and Terraform can define configurations and apply them to various infrastructure objectives. However, their approach to configuration management differs. Terraform uses an approach called declarative programming, which attempts to preserve the configuration of an IT infrastructure by defining a desired state. Ansible uses a procedural (or imperative) programming approach, which attempts to preserve the configuration of an IT infrastructure by defining the steps to reach a desired state. Each process is detailed below.

An infrastructure-as-code (IaC) approach defines and provisions infrastructure through code that will run automatically, rather than through manual processes. By treating an IT infrastructure as code, organizations can automate management tasks, benefiting from software development best practices and reducing human error.

Both Ansible and Terraform are IaC tools, although, as mentioned, the programming used by each solution differs


Declarative programming is a method of writing code to describe the desired outcome of the program, rather than detailing how to do it. It focuses on the end state, rather than the specific commands and steps needed to get there.

Terraform uses the Hashicorp configuration language (HCL) as its automation language and declarative programming approach. This means that the script that Terraform has to perform to achieve the required configuration changes are not visible or known to the end user.

Procedural, or imperative, programming is a method of writing code to provide the computer with a list of instructions, a step-by-step guide, for completing a task. It focuses on the process, rather than the final state. For its automation language, Ansible uses YAML, a human-readable data serialization language. YAML syntax is interpreted and executed procedurally, which means that the automation workflow runs in the sequence in which it was written.

Ansible can be both declarative and procedural: many modules work declaratively, while other modules prefer a procedural programming approach. In addition, some constructs in the Ansible language, such as conditionals and loops, allow users to define procedural logic. This combination gives you the flexibility to focus on what you need to do, rather than strictly adhering to one paradigm.

Immutability of configuration means that configuration (of an infrastructure or an application) cannot be changed. For example, provisioning the latest version of an application requires that the previous version be removed and replaced, rather than modified and updated. Resources are automatically destroyed and recreated.

Terraform uses an immutable infrastructure approach, which can help users get started quickly, as they can easily increase resources, test something, and then take it down. However, depending on the size of the infrastructure, it can become complex and difficult to manage. Although Ansible is designed with configuration mutability in mind, some automation workflows can be designed to adopt the immutability approach.

Configuration mutability means that configuration (of an infrastructure or an application) can be changed. For example, newer versions of applications can be provisioned by updating or modifying the existing resource instead of deleting or replacing it.

Ansible is designed assuming the mutability of the configuration. The advantage of this approach is that automation workflows are easy to understand and easy to fix. However, in certain scenarios, it can be difficult to deprovision resources without knowing the correct order of operations.

Configuration deviation occurs when an infrastructure changes due to manual, unapproved, or unmonitored changes over time, and those changes are not systematically recorded or tracked. Often, these changes are due to emergencies or excessive complexity, factors that can discourage employees from following the established process. As a result, configuration deviation is prevalent in large organizations.

An IaC approach helps with drift, but additional drift management is critical. Ansible helps you combat drift with Ansible Playbooks (automation workflows) that can be configured to detect drift. When a drift is detected, it sends a notification to the appropriate person who can make the required modification and return the system to its baseline.

Because Ansible uses a procedural programming approach, developers can more easily understand when and where their automation settings are changing, making it faster to isolate a specific part of the configuration and remediate drift. Depending on the complexity of the IT infrastructure, making configuration changes in automation solutions that use a declarative programming approach (such as Terraform) can be much more challenging. As a result, IT organizations sometimes prefer to use Ansible to make simple configuration changes rather than holistically reconfiguring an entire IT system with a solution like Terraform.

Contact US