Blue-Green Deployments with OpenTofu/Terraform and Ansible on EC2

This article shows how OpenTofu or Terraform and Ansible can work together to support blue-green deployments on EC2. The approach keeps infrastructure provisioning and configuration management separate while still allowing both layers to move together through a single deployment workflow.

Introduction to Blue-Green Deployments

Blue-green deployment is a strategy for reducing deployment risk and downtime by maintaining two near-identical environments: blue and green. At any given time, one environment serves production traffic and the other is available for validation, rollout, or rollback.

That gives you a safer path for introducing change, because you can prepare and test the idle environment before switching production traffic across.

Solution Overview

In this model:

• OpenTofu or Terraform manages the infrastructure
• Ansible handles configuration of the workload
• the CI pipeline selects the target colour
• environment-specific configuration is applied only to the idle side

That keeps the deployment process predictable and makes rollback much simpler.

The repository can be structured like this:

├── Ansible
│   ├── playbook.yml
│   └── roles
│       └── nginx
│           ├── tasks
│           │   └── main.yml
│           ├── templates
│           │   └── index.html.j2
│           └── vars
│               ├── blue.yml
│               └── green.yml
├── Terraform
│   ├── asg.tf
│   ├── blue.tfvars
│   ├── green.tfvars
│   ├── data.tf
│   ├── sg.tf
│   ├── terraform.tf
│   └── user_data.tpl
└── README.md

Leveraging OpenTofu/Terraform Workspaces

Workspaces can be a good fit for blue-green deployment because each workspace maintains separate state. That said, they are not the only option. Separate tfvars files can also work well if you prefer to keep environment selection explicit in the pipeline.

Create and select workspaces with:

terraform workspace new <workspace_name>
terraform workspace select <workspace_name>

Managing Variables and Configuration

The deployment colour selected in the CI pipeline determines which variable files are used in both OpenTofu or Terraform and Ansible.

After initialising the workspace, you can apply the correct variable set:

terraform plan -var-file=green.tfvars

For the configuration layer, user_data can pass the chosen colour into ansible-pull, which then uses include_vars to load the correct application settings for the blue or green side.

That gives you:

• a clear split between infrastructure and configuration
• shared code for both environments
• a controlled way to switch traffic and revert if needed

Conclusion

Blue-green deployments can be implemented in several ways, but OpenTofu or Terraform combined with Ansible gives you a practical model for EC2 workloads. The result is a cleaner rollout path, lower deployment risk, and a much easier rollback story when something does not behave as expected.