Using variables with remote backend

l.monkev · May 19, 2021, 4:23pm

Hey, I am thinking about using tfe provider to create organizations and workspaces in Terraform Enterprise, however I would like to use it with the remote backend

something like this:

terraform {
  backend "remote" {
    hostname     = "hostname"
    organization = tfe_organization.test-organization.name

    workspaces {
      name = tfe_workspace.test-workspace.name
    }
  }
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
      version = "0.25.3"
    }
  }
}
provider "tfe" {
  hostname = "hostname"
  token    = "token-value"
}

resource "tfe_organization" "test-organization" {
  name  = "my-org-name"
  email = "admin@company.com"
}

resource "tfe_workspace" "test-workspace" {
  name         = "my-workspace-name"
  organization = tfe_organization.test-organization.id
}

however, I cant use variables in backend configuration for workspace and organization, what could be the most optimal option to somehow create the organization and workspace and then use it in backend ?

Thank you.

chrisarcand · May 20, 2021, 1:18am

Hello, and welcome to the forum!

To both create an organization and the workspace - from that workspace - presents a bit of a chicken or the egg problem - specifically, you’re trying to configure the remote backend for a workspace that doesn’t exist yet and attempting to be provisioned from the same workspace!

However, the sort of ‘bootstrapping’ you wish to do here is a common pattern: you have a ‘bootstrap’ or ‘meta’ workspace in TFC which will provision everything else you want in TFC (including separate organizations, if you like).

Create an organization in Terraform Cloud.
Configure the remote backend to use that organization. Set a workspaces name to whatever you want - if it doesn’t exist in the organization already, the remote backend will create it for you!
In this ‘bootstrap’ workspace, you can set the token for the TFE provider in workspace variables, and then pass it to your configuration here (like var.provider_token).
Now you can provision any other organizations/workspaces/whatever from this workspace!

There’s a lot of other things you can do depending on finer details about your situation, but I hope that’s a good start!

l.monkev · May 20, 2021, 9:13am

Hey Chris! Thanks for the quick reply !

This was exactly what I’ve thought, that I would have to create a “main” organization and workspace and then create other orgs/workspaces in code, but I had some hopes that I would be able to rely only on CasC, nevertheless thanks for in-depth explanation!

Thanks!