diff --git a/terraform/README.md b/terraform/README.md
index 3816d016..2537b7ce 100644
--- a/terraform/README.md
+++ b/terraform/README.md
@@ -163,6 +163,7 @@ terraform apply -var-file=.tfvars
 
 | Name | Source | Version |
 |------|--------|---------|
+| bod\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | bod\_docker\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_bastion\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
 | cyhy\_dashboard\_ansible\_provisioner | github.com/cloudposse/terraform-null-ansible | n/a |
diff --git a/terraform/bod_bastion_ec2.tf b/terraform/bod_bastion_ec2.tf
index 4677ead3..effb9bdc 100644
--- a/terraform/bod_bastion_ec2.tf
+++ b/terraform/bod_bastion_ec2.tf
@@ -44,3 +44,19 @@ resource "aws_instance" "bod_bastion" {
 },
 )
 }
+
+# Provision the bastion EC2 instance via Ansible
+module "bod_bastion_ansible_provisioner" {
+ source = "github.com/cloudposse/terraform-null-ansible"
+
+ arguments = [
+ "--user=${var.remote_ssh_user}",
+ "--ssh-common-args='-o StrictHostKeyChecking=no'",
+ ]
+ envs = [
+ "host=${aws_instance.bod_bastion.public_ip}",
+ "host_groups=bod_bastion",
+ ]
+ playbook = "../ansible/playbook.yml"
+ dry_run = false
+}
diff --git a/terraform/scripts/deploy_new_bod_bastion_ami.sh b/terraform/scripts/deploy_new_bod_bastion_ami.sh
index 840cf53b..218b5ef5 100755
--- a/terraform/scripts/deploy_new_bod_bastion_ami.sh
+++ b/terraform/scripts/deploy_new_bod_bastion_ami.sh
@@ -44,4 +44,5 @@ terraform apply -var-file="$workspace.tfvars" \
 -target=aws_route53_record.bod_rev_bastion_PTR \
 -target=aws_security_group_rule.bastion_self_ssh \
 -target=aws_security_group_rule.bastion_ssh_from_trusted \
- -target=aws_security_group_rule.bastion_ssh_to_docker
+ -target=aws_security_group_rule.bastion_ssh_to_docker \
+ -target=module.bod_bastion_ansible_provisioner
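Review bot: In terraform/bod_bastion_ec2.tf the new provisioner passes `--ssh-common-args='-o StrictHostKeyChecking=no'`, so Ansible connects to the bastion's public IP without verifying its host key and will provision, with the operator's SSH credentials, whatever host answers at that address. Consider `-o StrictHostKeyChecking=accept-new` together with a dedicated `UserKnownHostsFile`, or pre-seeding the instance's host key, so that a changed key on a later run is rejected rather than silently trusted. The module `source` also carries no `?ref=`, so a fresh `terraform init` may fetch whatever the upstream default branch holds at that moment, and that code runs locally during apply; pinning it, e.g. `source = "github.com/cloudposse/terraform-null-ansible?ref=<PINNED_TAG_OR_COMMIT>"`, keeps the provisioning code reviewable. The README table in this diff lists the other `*_ansible_provisioner` modules from the same source with version `n/a`, so if they use the same arguments the same two points apply there.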