Setup prod/dev workspaces with Terraform Cloud

I can’t really get my head around how to set up workspaces for different environments. My plan is to have a dev and a prod workspace both in Terraform Cloud, with the dev being a CLI-driven and prod a VCS-driven workflow.

The use case is to create simple GCP resources and the idea is to test the resources in a dev project (so the only variable that is changing depending on the env is the project) and if that’s fine create a PR and deploy to prod. Could anyone please explain how I can achieve this?

I’d suggest using 1 branch per environment, each linked to a separate Tf workspace. I.e. your development branch in git is linked to a “dev” workspace, which deploys to a “dev” GCP environment. When you’re ready, use a PR to merge to master, which is linked to a “prod” workspace that deploys to a “prod” GCP environment.

Hi Jan-Willem, thank you for your answer. In that case, I would only be able to plan and apply on the dev branch if I merge, is that correct? I wanted to avoid that to make the dev process quicker as this is for a lightweight project.

But if I am following your advice, could you explain a bit more how you would set that up please? I understand that for VCS workflows I don’t have to use the cloud block and it needs to be set up via the UI? Do I still need to create the workspaces in the CLI? How would I link the workspaces to the different environments? E.g. I was thinking about setting up variables this way, would this still be the right way?

variable "project" {
  type        = map(string)
  description = "Google Cloud Platform project name"
  default     = {
    dev  = "<PROJECT>-dev"
    prod = "<PROJECT>"
  }
}

It’s security (Zero Trust) best practice for reducing the “blast radius” in case of compromise to use different cloud accounts for prod and dev.
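
One way to wire the per-environment project map from the thread to two Terraform Cloud workspaces, as an added example that is not code from any participant. The organization name, the "gcp-app" tag, the `environment` variable and the use of a per-workspace `GOOGLE_CREDENTIALS` variable are assumptions made for illustration.

```hcl
terraform {
  cloud {
    organization = "example-org" # placeholder, not from the thread

    # CLI-driven use: `terraform workspace select dev` picks among the
    # workspaces carrying this (assumed) tag.
    workspaces {
      tags = ["gcp-app"]
    }
  }
}

# Set as a Terraform variable on each workspace: "dev" on the dev
# workspace, "prod" on the prod workspace. No default, so a workspace
# that forgot to set it fails at plan time instead of silently picking one.
variable "environment" {
  type        = string
  description = "Environment this workspace deploys to"

  validation {
    condition     = contains(["dev", "prod"], var.environment)
    error_message = "environment must be \"dev\" or \"prod\"."
  }
}

variable "project" {
  type        = map(string)
  description = "Google Cloud Platform project per environment"
  default = {
    dev  = "<PROJECT>-dev"
    prod = "<PROJECT>"
  }
}

locals {
  project_id = var.project[var.environment]
}

# Assumption: each workspace holds its own sensitive GOOGLE_CREDENTIALS
# environment variable for a service account with roles only in that
# workspace's project, so a leaked dev credential cannot reach prod.
provider "google" {
  project = local.project_id
}
```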