Terraform vs. Ansible: Understanding the IaC Ecosystem

rhcsa Apr 12, 2026

Look, a couple years back I found myself knee-deep in this absolutely messy migration at a mid-sized enterprise here in the Netherlands. With 14 years under my belt as a DevOps engineer, SRE, and sysadmin—I’ve bounced around from startups to big corps, and even spent some time at this tiny, chaotic agency—I needed to spin up reliable infra fast. Terraform or Ansible? Here’s the thing: I genuinely wasn’t sure if I should go declarative or procedural, so I ended up spending weeks, literally weeks, testing both on Ubuntu 22.04 setups. I even tied them into Kubernetes after that brutal month I wasted just grokking K8s basics. Man, that was… rough.

Last month, while provisioning EC2s for a client’s multi-cloud mess, I fired up Ansible 2.15 first. And honestly? Playbooks just work. Like, they’re really straightforward—it’s YAML that actually reads like English, runs agentless over SSH, and it’s perfect for configuring servers after you’ve already spun them up. I threw together a quick playbook to install Nginx and adjust some specific server configs: ansible-playbook -i inventory site.yml. Yeah, it’s idempotent, sure, but here’s what I’ve learned: it’s mutable by nature since it reapplies changes every single run to match your YAML definition. That’s genuinely brilliant for Day 1 and Day 2 operations—patching, app deploys, all that runtime stuff. It’s honestly way better than Terraform for on-prem environments or when you’re tweaking live servers. Though I’ll be straight with you, it becomes this resource monster in large fleets. All those SSH connections just keep piling up. I remember watching the control node’s memory spike during a rolling update across 200 VMs. My heart was racing, I’m not gonna lie—that was one of those moments where you realize you maybe should’ve tested at scale first.

But when it comes to actually provisioning infrastructure? Terraform just wins. Its HCL is declarative—you write out the end-state you want, and it handles the entire lifecycle using tfstate files, keeping things immutable where it counts. Fire off terraform apply on an AWS VPC cluster and you get parallel execution and multi-cloud capabilities through provider APIs. No state file? You’re flying blind, genuinely. Ansible has to jump through hoops just to figure out what’s actually running in the cloud, but Terraform just knows. Yeah, the learning curve is steeper, but for Kubernetes manifests or immutable infrastructure, it just clicks in a way Ansible doesn’t. This whole approach is what I covered in more detail in “Infrastructure as Code Explained: Stop Clicking in the Console”, where I break down why clicking around AWS consoles is basically career suicide at this point.

Early on, I completely botched this, though. I genuinely thought Ansible Tower was just Jenkins with YAML thrown on top. Looking back, I probably should’ve actually cracked open the docs since Tower’s really enterprise-level scheduling and orchestration, not a CI/CD replacement at all. Actually, tangent here—speaking of Jenkins, I still have nightmares about managing brittle Groovy scripts, but anyway, getting back on track—soft skills matter here too. Being able to explain “why Terraform first, then Ansible” in interviews actually saved my butt during that DevOps job hunt. I got my CKA/RHCE/AWS certs partly because I could articulate that exact strategy clearly. If you’re thinking about making a similar career pivot, I wrote about “How to Transition from Traditional IT to DevOps Engineer” based on exactly these kinds of real-world scenarios.

The reality is they’re not competing tools. You use Terraform for Day 0 (spinning up immutable resources), and then Ansible for the configuration handoff. Netflix provisions with Terraform, Facebook handles configs with Ansible. Edge case: if you’re stuck on-prem without cloud APIs, Ansible shines on its own. I’m not entirely sure on the exact performance differences when you hit tens of thousands of nodes at massive scale, but Terraform just feels snappier when you’re running it day-to-day.
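
The Terraform-to-Ansible handoff described above, sketched as an added example (not code from the original post): it converts `terraform output -json` into the JSON structure an Ansible dynamic inventory script returns for `--list`, and keeps outputs marked sensitive out of the inventory. The output names, the group mapping and the `ubuntu` SSH user are assumptions, and the sample JSON is constructed.

```python
import json

# Constructed sample of `terraform output -json`; the output names
# (web_public_ips, db_private_ip, db_password) are hypothetical.
SAMPLE_TF_OUTPUT = """
{
  "web_public_ips": {"sensitive": false, "type": ["list", "string"],
                     "value": ["203.0.113.10", "203.0.113.11"]},
  "db_private_ip":  {"sensitive": false, "type": "string",
                     "value": "10.0.2.15"},
  "db_password":    {"sensitive": true, "type": "string",
                     "value": "constructed-secret"}
}
"""

# Hypothetical mapping: Terraform output name -> Ansible group name.
GROUP_MAP = {"web_public_ips": "web", "db_private_ip": "db"}


def build_inventory(tf_output_json, group_map=GROUP_MAP, ssh_user="ubuntu"):
    """Turn Terraform outputs into Ansible dynamic-inventory JSON."""
    outputs = json.loads(tf_output_json)
    inventory = {"_meta": {"hostvars": {}}}
    skipped = []
    for name, out in outputs.items():
        if out.get("sensitive"):
            # Sensitive outputs never get copied into the inventory.
            skipped.append(name)
            continue
        group = group_map.get(name)
        if group is None:
            continue  # not an output we map to a host group
        value = out["value"]
        hosts = value if isinstance(value, list) else [value]
        inventory[group] = {"hosts": sorted(hosts)}
        for host in hosts:
            inventory["_meta"]["hostvars"][host] = {"ansible_user": ssh_user}
    return inventory, skipped


if __name__ == "__main__":
    inv, skipped = build_inventory(SAMPLE_TF_OUTPUT)
    print(json.dumps(inv, indent=2))
    print("skipped sensitive outputs:", skipped)
```
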

What about you—are you a Terraform purist or more of an Ansible person? I’ve got a hybrid setup now, but I’m genuinely curious which direction you’re leaning for your next infrastructure push.

