Handling one environment per developer

Hi, we are happy Terraform users, but are looking into improving things even more. We have a fairly basic setup with all environments in a single workspace (production.tf, stage.tf, etc). This approach works fairly well, but doesn’t handle developer-specific infrastructure.

A quick and dirty solution would be to create a module that sets up everything needed for a developer, and then add a module block for each developer.

module "developer-alice" {
  source = "./modules/developer"
  name   = "alice"
}

module "developer-bob" {
  source = "./modules/developer"
  name   = "bob"
}
# Etc...

I don’t like this approach because that would end up in source control and changes in branches would affect everyone.

A fancier approach would be to use Terraform workspaces. Using some tricks it’s possible to size things appropriately according to environment, but things get hairy for the edge cases. Certain resources may be globally unique and should be shared between workspaces, access rules will differ between workspaces, developers might only need non-server-resources like storage buckets, some security groups might need to reference multiple workspaces, etc.

This could possibly be handled by using terraform_remote_state, but it seems things would get very hairy and fragile quickly. Migrating the existing setup to workspaces scares me as well. :smiley:

Are there any additional approaches we haven’t thought of yet?