Terraform Workspace & Environment Strategy
Advancedv1.0.0
Design multi-environment Terraform deployments using workspaces, directory-based separation, or Terragrunt — manage dev, staging, and production with consistent infrastructure and minimal duplication.
Content
Overview
Managing multiple environments (dev, staging, production) in Terraform requires a strategy that balances code reuse with isolation. The three main approaches are workspaces, directory-based separation, and Terragrunt wrappers.
Why This Matters
- -Consistency — same infrastructure code across all environments
- -Isolation — mistakes in dev do not affect production
- -Auditability — clear separation of state per environment
- -Cost control — smaller instances in dev, larger in prod
Approach 1: Directory-Based (Recommended)
Approach 2: Workspaces with .tfvars
Approach 3: Terragrunt (DRY at Scale)
Comparison
| Feature | Directories | Workspaces | Terragrunt |
|---|---|---|---|
| State isolation | Separate backends | Same backend, different keys | Separate backends |
| Code duplication | Some (main.tf per env) | Minimal | Minimal |
| Complexity | Low | Low | Medium |
| CI/CD clarity | Clear (path = env) | Needs workspace switching | Clear |
| Best for | Small-medium teams | Simple projects | Large organizations |
Best Practices
- -Use directory-based for most teams (clearest mental model)
- -Keep modules DRY — environment-specific config only in tfvars
- -Separate state per environment (different S3 keys or backends)
- -Use consistent naming:
{project}-{env}-{resource} - -Production should require approval gates in CI/CD
Common Mistakes
- -Using workspaces as a substitute for proper environment isolation
- -Sharing the same state backend without separate keys
- -Hardcoding environment-specific values instead of using tfvars
- -Not testing in dev/staging before applying to production
FAQ
Discussion
Loading comments...