What do I do when my CI IAM role is used by multiple Terraform Cloud workspaces?

I want to have one Terraform Cloud workspace for my prod resources, and another for my staging resources.

Each will correspond to a separate directory in my GitHub repo.

I will have an AWS CodeBuild project, and an IAM role that the CodeBuild project uses, that will need access to resources from both the prod and staging environments. The CodeBuild IAM role will need to be an input in both the prod and staging directories, because each will include resource policies granting the role access.

How do I handle a situation like this, where I have a role that needs to appear in multiple Terraform Cloud workspaces?

Should I have a third workspace (and directory), called something like “CI,” where the CodeBuild project and its role will live, and then have data sources in the prod and staging directories that reference the CodeBuild IAM role by its role name?
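The layout described in the question, sketched as an added example (not part of the original post): a CI directory owns the CodeBuild role, and the prod directory looks it up by name to build a resource policy. The role name `ci-codebuild`, the S3 bucket, and the read-only grant are assumptions chosen for illustration.

```hcl
# --- ci/main.tf (hypothetical "CI" workspace: owns the CodeBuild role) ---
data "aws_iam_policy_document" "codebuild_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["codebuild.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "codebuild" {
  name               = "ci-codebuild" # assumed name, shared by convention
  assume_role_policy = data.aws_iam_policy_document.codebuild_assume.json
}

# --- prod/main.tf (staging/ is the same apart from the bucket name) ---
# Look the role up by name. The lookup errors at plan time if the role
# does not exist yet, so the CI workspace has to be applied first.
data "aws_iam_role" "codebuild" {
  name = "ci-codebuild"
}

resource "aws_s3_bucket" "artifacts" {
  bucket = "example-prod-artifacts" # constructed placeholder
}

# Resource policy scoped to the one action the build needs on this bucket.
data "aws_iam_policy_document" "artifacts" {
  statement {
    sid       = "CodeBuildReadOnly"
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.artifacts.arn}/*"]
    principals {
      type        = "AWS"
      identifiers = [data.aws_iam_role.codebuild.arn]
    }
  }
}

resource "aws_s3_bucket_policy" "artifacts" {
  bucket = aws_s3_bucket.artifacts.id
  policy = data.aws_iam_policy_document.artifacts.json
}
```

The credentials used by the prod and staging workspaces need `iam:GetRole` on the CI role for the data source lookup to succeed.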