TL;DR
Terraform Cloud’s UI/VCS-driven run workflow for developers. Terraform Cloud’s CLI-driven run workflow for DevOps engineers.
At my company, we’ve been utilizing Terraform for the past four months to automate provisioning/bootstrapping of services. Members of the Cloud team arrange in-house modules and execute terraform apply locally (state stored in s3). The next stage of our “Terraform journey” is trying to setup a “self-service” workflow where developers provision their own infrastructure with DevOps engineers providing oversight. Our ideal workflow would be to utilize Terraform Cloud’s UI/VCS-driven run workflow so developers can make small IaC modification via git (CI/CD pipeline) but still giving DevOps engineers the power to apply changes via the CLI for quick feedback cycles. By default, Terraform Cloud’s UI/VCS-driven run workflow, once configured, does not allow any further CLI driven runs. This can be frustrating for DevOps engineers to R&D Terraform code (in development environments) because they not only have to commit their Terraform changes, they have to wait for Terraform Cloud to execute those changes just to see if those changes worked.
Does anyone have some advice on how to utilize Terraform Cloud’s UI/VCS-driven run workflow for develops but still allow DevOps engineer the power to R&D new Terraform code quickly, preferably using terraform apply locally?