Did you hear the one about ‘cattle versus pets’? You know, the idea that infrastructure is now immutable and short-lived. Yes, we chuckled about reality, too.

This is an ideal state and one we’d recommend trying to get to. It’s also the driver behind Terraform. However, with almost every customer we talk to, we find that reality is quite different. They’ve moved to infrastructure-as-code, but are still required to maintain servers as we have always done. We define the infrastructure as code, in Terraform, but the resulting virtual machines still need configuration changing, and often maintaining.

Enter Ansible. We’re sure you’ve at least read about, and are probably already very familiar with, Ansible. So we thought we’d show you how easy it is to bring Ansible into play, along with Terraform, right in the env0 interface, to give the best of all worlds. Deployment, configuration and even maintenance as code, all in the same source control and all glued neatly together in env0.

The Setup

For the example here, we’ll keep it simple. The beauty of both Terraform and Ansible is extending a small start into something more detailed is easy. We’re going to deploy an ec2 instance on AWS, using Terraform, then we’ll hand over to Ansible using a Custom Flow.

We’re sure you’ve already spotted the great thing about this flow is you can run it again and again, and all that will happen is the Ansible play will update the existing host. Coupling up the environment with a redeploy on git push will fully automate any later Ansible changes too, neat!

The key to this custom flow is an env0.yml file. Here’s our example:

Before we even run terraform plan, we do a little forward planning and get the name of the SSH key. Since Ansible is going to connect to our new machine via SSH, we’ll use the ec2 key already on our account.

Next, we’ll install Ansible using pip[1]. Although it is available via apk (the deployment image is based on Alpine) it’s an older version. We opted to put the Ansible install after terraform apply because it gives the ec2 instance time to start up whilst we’re running pip. If you ‌look at the Ansible play, you’ll notice we also take the approach of checking for SSH connectivity before doing anything too. This is an additional safety net to ensure our whole flow works.

Before we run the Ansible play, we create an inventory file with the host name for our ec2 instance. If we were starting multiple machines, we’d populate the inventory with all the hosts to connect to.

The last step is to run the play. Our SSH key is automatically picked up from $ENV0_ENV, so we just point to the environment variable here.

Et voilà! Our host is up and running, fully configured.


This is a simple example, but the fundamentals would stay the ‌same for something more complex. Key to it all is the env0.yml file for the custom flow. If you’d like to see a version of this blog as a video instead, you can view it here:

If you’re managing an infrastructure using Terraform and Ansible today, we’d love to hear about your experiences. Drop us a message on Twitter!


[1] You can make your own custom deployment image when using the self-hosted agent.

With special guest
Adam Jacob

Schedule a technical demo to see env0 in action

CTA Illustration