Bootstrap Workspaces and the tfe Provider

I use the tfe provider to create workspaces and workspace variables on Terraform Cloud because, among other projects, I have an application with 4 environments which has many environment variables. Creating them by hand in Terraform Cloud would be tedious. I want the state created by the tfe provider to also live in Terraform Cloud. So I create an initial bootstrap workspace which creates all the workspaces, and then those workspaces point to actual AWS infrastructure. The tfe code and the AWS code are in the same repository, but all the tfe code is in a folder called tfe, and the AWS code is in the root directory.

There are some downsides to this but seemingly no alternative:

  • The bootstrap workspace state must be created locally.
  • Terraform Cloud is cluttered with bootstrap workspaces for each project.

Initially I had only one master bootstrap workspace which created everything, but there was contention for it from people working on different projects.

Is there a better approach or any feature in the works?
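
A sketch of what the tfe folder of such a bootstrap workspace could contain, as an added example that is not the original poster's code. The `organization` and `app_env_vars` inputs, the `myapp-` workspace prefix and the four environment names are assumptions.

```hcl
# Added example: bootstrap configuration living in the tfe/ folder.
# All names below are placeholders, not taken from the post.
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

# The API token is read from the TFE_TOKEN environment variable,
# so it never appears in the repository.
provider "tfe" {}

variable "organization" {
  type = string
}

variable "app_env_vars" {
  description = "Map of environment name to that environment's variables"
  type        = map(map(string))
}

locals {
  environments = ["dev", "test", "staging", "prod"] # assumed names

  # Flatten {env => {key => value}} into one entry per (env, key) pair.
  env_vars = merge([
    for env in local.environments : {
      for key, value in lookup(var.app_env_vars, env, {}) :
      "${env}/${key}" => { env = env, key = key, value = value }
    }
  ]...)
}

# One workspace per environment; the AWS code sits in the repository
# root, so no working_directory is set on these workspaces.
resource "tfe_workspace" "env" {
  for_each     = toset(local.environments)
  name         = "myapp-${each.key}"
  organization = var.organization
}

resource "tfe_variable" "env" {
  for_each     = local.env_vars
  workspace_id = tfe_workspace.env[each.value.env].id
  key          = each.value.key
  value        = each.value.value
  category     = "env"
  sensitive    = true # write-only in the Terraform Cloud UI and API
}
```

The values of sensitive variables are still written to the bootstrap workspace's state, so access to that workspace needs to be as restricted as access to the environments it configures.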

I’m also struggling with the same issue. We are creating projects with restricted permissions for each team, and to enforce policies we only allow them to create workspaces through Terraform. Here we also have the same chicken-egg problem. Maybe those ephemeral workspaces will provide a solution?