Seeking for advice on how workspaces should be organized on TF cloud

Hi Terraform experts,

Our team just started to use Terraform Cloud to manage our product and we would like to get some advice on how workspaces should be organized.

Our product consists of 3 micro services. Currently in each deploy environment, we have 3 workspaces roughly one for each micro service. The following graph shows the structure:

As you can see, each workspace is relatively self contained and there’s not much dependency among workspaces.

Another approach we are thinking of is to extract some of the resources out into their own workspaces, for example:

  • DB resources – they are critical and change less frequent, putting it together with other resources with more frequent changes in the same workspace adds the chance of misconfiguration
  • VPC resources – they usually affects multiple services, putting it under one service workspace may be hard to manage in the future.

So the structure of this approach will look like the following graph:

I feel this will give us better isolation and easier management but it adds more dependencies among workspaces and we have the concern misconfiguration will be harder to detect – resources dependencies misconfiguration within a workspace can be easily detected at plan stage.

I’m wondering if there’s any general best practice on how workspaces should be structured? Thanks in advance!


Kindly ping:)

We really love this product and would like to know how we can make the best use of it.

Ideally what we would like to achieve is:

  • An isolation of resources at a finer granularity
  • A way to detect impact over downstream workspaces when planning the upstream workspace. (Upstream workspace means its output is used by a downstream workspace).

Ping again. Any insights will be helpful to us:-)

Hi Junfeng,

Sharing my two cents. It depends on mostly your current ways of working in the areas of devops, infra deployments etc,

For example let us say , your teams are mostly app based or project based it would help if you have environment based workspaces mapping to respective repositories where teams maintain their code in VCS. Accordingly you can setup teams , organizations etc.,
Your organizations can be LOB based, cloud account based, whereas teams and workspaces can be project/app based. Hope this gives you some direction in which you have to work on.

While this is one direction, there is no one size fits all, check your current ways of automation and accordingly act on the same. Thanks

1 Like