Terrafrm Cloud and special permissions for state "sharing"


So it is clear that we can manage/create Workspaces in Terrafrom Cloud with the TFE provider.

When creating the Workspace with TFE we have the options to:

  • allow the state to be “consumed” by other workspaces in the whole organization


  • allow the state to be “consumed” just by a selected specific other workspaces. In the TF provide this is done with the option remote_state_consumer_ids

What if I want to create all the workspaces with a for_each cycle. For example:

resource "tfe_workspace" "core_workspaces" {
  for_each     = var.core_workspaces
  name         = each.key
  organization = "main-organization"
  terraform_version = "0.13.5"
  working_directory = each.value.working_directory
  remote_state_consumer_ids = ??????
  vcs_repo {
      identifier = each.value.repo
      branch = each.value.branch
      oauth_token_id = var.oauth_token_id

I guess there is not way to provide this “remote_state_consumer_ids” dynamically if we use for each ?

I want to create different workspaces for different environments:


But want DEV workspaces to have access only to remote state of DEV and PROD workspaces to have access only to emote state of PROD .

Do I need to create each and every workspaces individually so I can provide the WORKSPACES ID dynamically ? (remote_state_consumer_ids)

Anyone had this problem ?

Thank for the answers in advance :slight_smile:


I guess I am looking for something like:


With that resource you can dynamically provide WORKSPACES IDs since they are ALREADY created and I can iterate over some of it again and provide necessary access to remote state