Projects & Workspace

Projects are collections of related workspaces, and workspaces are logical environments that allow you to organize and manage your infrastructure code.

Projects

Projects let you organize your workspaces and scope access to workspace resources. Each project has a separate permissions set that you can use to grant teams access to all workspaces in the project. Project-level permissions are more granular than organization-level permissions, but more specific than individual workspace-level grants.

Workspaces

When run locally, Terraform manages each collection of infrastructure with a persistent working directory, which contains a configuration, state data, and variables. Since Terraform CLI uses content from the directory it runs in, you can organize infrastructure resources into meaningful groups by keeping their configurations in separate directories.

Terraform Cloud manages infrastructure collections with workspaces instead of directories. A workspace contains everything Terraform needs to manage a given collection of infrastructure, and separate workspaces function like completely separate working directories.

It’s always a good idea to follow least-privilege access and limit access to cloud platform landing zones by restricting what the service principal you use in Terraform Cloud can reach. In Azure, for example, you could link each workspace to a single subscription.

Every workspace must belong to exactly one project.
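
As an added example (not part of the original page or of HashiCorp's documentation), the workspace-per-subscription layout described above could be expressed with the `tfe` provider as shown here. The organization, project, workspace and variable names are assumptions; the `ARM_*` keys are the environment variables the `azurerm` provider reads for service principal authentication.

```hcl
# Uses the hashicorp/tfe provider. All names and IDs below are placeholders.
variable "landing_zones" { # one entry per Azure subscription (landing zone)
  type = map(object({
    subscription_id = string
    client_id       = string # service principal scoped to this subscription only
  }))
}
variable "client_secrets" { # keyed like landing_zones
  type      = map(string)
  sensitive = true
}
variable "tenant_id" { type = string }

resource "tfe_project" "azure" {
  organization = "example-org" # hypothetical organization
  name         = "azure-landing-zones"
}

# One workspace per subscription; each belongs to exactly one project.
resource "tfe_workspace" "lz" {
  for_each     = var.landing_zones
  organization = tfe_project.azure.organization
  project_id   = tfe_project.azure.id
  name         = "lz-${each.key}"
}

locals { # non-secret ARM_* settings, one entry per workspace/key pair
  arm_env = merge([for name, z in var.landing_zones : {
    "${name}/ARM_SUBSCRIPTION_ID" = { ws = name, key = "ARM_SUBSCRIPTION_ID", value = z.subscription_id }
    "${name}/ARM_CLIENT_ID"       = { ws = name, key = "ARM_CLIENT_ID", value = z.client_id }
    "${name}/ARM_TENANT_ID"       = { ws = name, key = "ARM_TENANT_ID", value = var.tenant_id }
  }]...)
}

# Credentials live in the workspace, so a run only sees its own subscription's identity.
resource "tfe_variable" "arm_env" {
  for_each     = local.arm_env
  workspace_id = tfe_workspace.lz[each.value.ws].id
  category     = "env"
  key          = each.value.key
  value        = each.value.value
}
resource "tfe_variable" "arm_secret" {
  for_each     = var.landing_zones
  workspace_id = tfe_workspace.lz[each.key].id
  category     = "env"
  key          = "ARM_CLIENT_SECRET"
  value        = var.client_secrets[each.key]
  sensitive    = true
}
```

Values set through `tfe_variable` are also recorded in the state of the configuration that creates them, so the state of this management configuration needs the same protection as the client secrets themselves.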

Workspace contents

| Component | Terraform local | Terraform Cloud |
|---|---|---|
| Configuration | Disk | VCS |
| Variables | TFVARS | Workspace |
| State | Disk or remote | Workspace |
| Credentials/secrets | Local environment | Workspace |

Last modified July 21, 2024: update (e2ae86c)