Terraform Cloud Adds ‘Projects’ to Organize Workspaces at Scale
Projects in Terraform Cloud allow users to isolate particular subsets of workspaces and define permissions within a single organization.
We are excited to announce the release of a new organizational structure called projects, now generally available for Terraform Cloud. Projects help users organize and centrally manage their workspaces at scale while providing more granular permissions to a subset of workspaces. This post discusses why we changed the way Terraform Cloud workspaces are organized and reviews the details of the new feature.
» Challenges in Workspace Management
As the number of workspaces and teams in a Terraform Cloud organization grows, several management and access challenges emerge:
» Lack of Flexibility and Complex Workarounds
Terraform Cloud users are unable to group related workspaces and can apply permissions only at the organization or individual workspace level. This has led some customers to split their workspaces across multiple organizations to work around the resource-hierarchy limitations. These multi-org workarounds result in additional complexity and overhead and require context switching to access all of the workspaces.
» Limitations with Organization-Level Permissions
Previously, organization-level admin permissions were needed to create workspaces. If a general user wanted to create new workspaces, they would need to request approval from the organization admin. This situation created potential bottlenecks and pushed admins to create multiple organizations or assign excessive admin rights to achieve their desired permissions, which could open the platform to more security risks.
» Introducing Projects for Terraform Cloud
Projects are a new layer below the organization level and above the workspace level that gives users a way to logically group workspaces. Projects allow teams to safely self-manage workspaces and enable organization admins to create logical ownership boundaries to ensure security.
The Workspaces page in the Terraform Cloud UI is now called “Projects and Workspaces”. This page allows users to:
- Create new projects within an organization
- Create new workspaces within projects
- Move workspaces between projects
Team-based permissions can be applied to a project instead of an entire organization. Read or admin permissions can be assigned to each team so teams have only the access necessary to do their jobs.
» Projects’ Benefits
Projects allow users to group workspaces and define permissions to enable safe and efficient workflows.
» Increased Agility with Workspace Organization
Related workspaces can be added to projects to simplify and organize a team's workspace view. Teams can now create and manage infrastructure in their designated project without requesting admin access at the organizational level.
» Reduced Risk with Centralized Control
Project permissions allow teams to have admin access to a subset of workspaces. This helps users safely manage their workspaces without interfering with other teams’ infrastructure and enables organization owners to maintain the principle of least privilege.
» Better Efficiency with Self-Service
In October 2022, Terraform Cloud introduced greater self-service capabilities with a no-code provisioning workflow. No-code provisioning is now integrated with projects, which means teams with project-level admin permissions can provision no-code modules directly into their project without requiring organization-wide workspace management privileges.
» Summary and Resources
To ensure safe and efficient workflows, workspace groupings and their permissions must align with how teams are structured. Projects provide simplified workspace organization and granular permissions to meet team requirements without additional overhead.
For more information, check out the Organize Workspaces with Projects documentation, tutorial, and demo video.
Get started with Terraform Cloud for free to begin provisioning and managing your infrastructure in any environment.