Create multiple arguments for azurerm_application_gateway using workspaces

I’m trying to create and use the same Application Gateway over and over.
I’ve successfully set up dynamic blocks and am running for_each to create multiple frontend ports, backend address pools, probes, listeners, etc.
I’m wanting to take that to the next level and use workspaces as well.

I have several maps in my tfvars files for each of the application environments.
When I drop into a workspace (or simply run it from default referencing a different tfvars file) it sees it as a change to the existing arguments rather than creating new arguments under the existing resource group.

Here is a chunk of the main.tf:

```hcl
resource "azurerm_application_gateway" "APPGW-WESTHUB-PRIVATE" {
  provider            = azurerm.secondary_subscription_alias
  name                = "APPGW-WESTHUB-PRIVATE"
  resource_group_name = "RG_Westhub"
  location            = "West US"

  sku {
    name = "Standard_v2"
    tier = "Standard_v2"
  }

  autoscale_configuration {
    min_capacity = "1"
    max_capacity = "10"
  }

  identity {
    identity_ids = [data.azurerm_user_assigned_identity.Managed_ID_West.id]
  }

  gateway_ip_configuration {
    name      = "appgw-westhub-private"
    subnet_id = data.azurerm_subnet.subnet-westhub-appgw.id
  }

  frontend_ip_configuration {
    name                 = "appgwPUBLICfrontendipDONOTUSE"
    public_ip_address_id = data.azurerm_public_ip.appgw-west-public.id
  }

  frontend_ip_configuration {
    name                          = "appgwPRIVATEfrontendip"
    subnet_id                     = data.azurerm_subnet.subnet-westhub-appgw.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.251.140.200"
  }

  trusted_root_certificate {
    name = "PremRootCA"
    data = "*************************"
  }

  # One frontend port per entry in var.lb_fe_port, named after the port number.
  dynamic "frontend_port" {
    for_each = [for l in var.lb_fe_port : {
      name = l.frontend_port
      port = l.frontend_port
    }]

    content {
      name = "${local.env}_${frontend_port.value.name}"
      port = frontend_port.value.port
    }
  }

  # Listener certificates are referenced by Key Vault secret ID.
  dynamic "ssl_certificate" {
    for_each = [for l in var.lb_ssl_west : {
      name      = l.name
      key_vault = l.key_vault
    }]

    content {
      name                = ssl_certificate.value.name
      key_vault_secret_id = ssl_certificate.value.key_vault
    }
  }

  dynamic "backend_address_pool" {
    for_each = [for l in var.lb_private_west : {
      name    = "${l.name}_addresspool"
      members = l.members
    }]

    content {
      name         = "${local.env}_${backend_address_pool.value.name}"
      ip_addresses = backend_address_pool.value.members
    }
  }

  dynamic "probe" {
    for_each = [for l in var.lb_private_west : {
      name     = "${l.name}_probe"
      hostname = l.hostname
      path     = l.path
      protocol = l.protocol
    }]

    content {
      name                = "${local.env}_${probe.value.name}"
      host                = probe.value.hostname
      path                = probe.value.path
      protocol            = probe.value.protocol
      interval            = 30
      timeout             = 30
      unhealthy_threshold = 3
    }
  }

  dynamic "backend_http_settings" {
    for_each = [for l in var.lb_private_west : {
      name                      = "${l.name}_http"
      path                      = l.path
      protocol                  = l.protocol
      port                      = l.backend_port
      probe_name                = "${l.name}_probe"
      backend_trusted_root_list = l.backend_trusted_root_list
      hostname                  = l.hostname
    }]

    content {
      name                           = "${local.env}_${backend_http_settings.value.name}"
      cookie_based_affinity          = "Disabled"
      path                           = backend_http_settings.value.path
      protocol                       = backend_http_settings.value.protocol
      port                           = backend_http_settings.value.port
      request_timeout                = 20
      probe_name                     = "${local.env}_${backend_http_settings.value.probe_name}"
      trusted_root_certificate_names = backend_http_settings.value.backend_trusted_root_list
      host_name                      = backend_http_settings.value.hostname
    }
  }

  dynamic "http_listener" {
    for_each = [for l in var.lb_private_west : {
      name              = "${l.name}_listener"
      frontend_portname = l.frontend_port
      protocol          = l.protocol
      hostname          = l.hostname
      cert              = l.cert
    }]

    content {
      name                           = "${local.env}_${http_listener.value.name}"
      frontend_ip_configuration_name = "appgwPRIVATEfrontendip"
      frontend_port_name             = "${local.env}_${http_listener.value.frontend_portname}"
      protocol                       = http_listener.value.protocol
      host_name                      = http_listener.value.hostname
      ssl_certificate_name           = http_listener.value.cert
    }
  }

  # Each rule ties together the listener, pool and HTTP settings built above.
  dynamic "request_routing_rule" {
    for_each = [for l in var.lb_private_west : {
      name         = "${l.name}_rr"
      listener     = "${l.name}_listener"
      address_pool = "${l.name}_addresspool"
      http         = "${l.name}_http"
    }]

    content {
      name                       = "${local.env}_${request_routing_rule.value.name}"
      rule_type                  = "Basic"
      http_listener_name         = "${local.env}_${request_routing_rule.value.listener}"
      backend_address_pool_name  = "${local.env}_${request_routing_rule.value.address_pool}"
      backend_http_settings_name = "${local.env}_${request_routing_rule.value.http}"
    }
  }
}
```

I’ve tried a few things; the outcome is always the same: it overwrites the existing arguments rather than creating new ones:

1- terraform apply -var-file="PremierSummNP.tfvars" -var-file="PremierAppNP.tfvars"
2- adjusted filenames to auto.tfvars
3- terraform workspace new PremierSummNP and then run apply
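
An added example, not part of the original post: the frontend ports, pools, probes, listeners and rules are nested blocks of one `azurerm_application_gateway` resource, so Terraform reconciles the gateway to exactly the blocks present in the current plan, and every environment's entries have to be in the same plan to coexist. This configuration merges per-environment lists into one prefixed collection that each dynamic block can iterate over; the variable `environments`, its keys and all sample values are hypothetical.

```hcl
# Added example: variable name, environment keys and app values are constructed.
variable "environments" {
  type = map(list(object({
    name          = string
    hostname      = string
    frontend_port = number
    members       = list(string)
  })))
  default = {
    PremierSummNP = [
      { name = "summ", hostname = "summ.np.example.internal", frontend_port = 8443, members = ["10.0.1.10"] },
    ]
    PremierAppNP = [
      { name = "app", hostname = "app.np.example.internal", frontend_port = 9443, members = ["10.0.2.10", "10.0.2.11"] },
    ]
  }
}

locals {
  # One flat list covering every environment; each entry carries its env key
  # and an env-qualified prefix so block names never collide across environments.
  all_apps = flatten([
    for env, apps in var.environments : [
      for a in apps : merge(a, { env = env, prefix = "${env}_${a.name}" })
    ]
  ])

  # A port number shared by two environments is emitted once.
  frontend_ports = distinct([for a in local.all_apps : a.frontend_port])
}

# Inside the gateway resource, each dynamic block iterates the merged list:
#   dynamic "backend_address_pool" {
#     for_each = local.all_apps
#     content {
#       name         = "${backend_address_pool.value.prefix}_addresspool"
#       ip_addresses = backend_address_pool.value.members
#     }
#   }

output "backend_pool_names" {
  value = [for a in local.all_apps : "${a.prefix}_addresspool"]
}

output "frontend_ports" {
  value = local.frontend_ports
}
```

Running `terraform plan` on this file alone needs no provider and shows the merged names; adding a new environment key to the map then appears in the gateway plan as added blocks rather than as changes to the existing ones.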