Terraform Cloud Adds ‘Projects’ to Organize Workspaces at Scale

We are excited to announce the release of a new organizational structure called projects, now generally available for Terraform Cloud. Projects help users organize and centrally manage their workspaces at scale while providing more granular permissions to a subset of workspaces. This post discusses why we changed the way Terraform Cloud workspaces are organized and reviews the details of the new feature.

»Challenges in Workspace Management

As the number of workspaces and teams in a Terraform Cloud organization grows, several management and access challenges emerge:

»Lack of Flexibility and Complex Workarounds

Terraform Cloud users are unable to group related workspaces and can apply permissions only at the organization or individual workspace level. This has led some customers to split their workspaces across multiple organizations to work around the resource-hierarchy limitations. These multi-org workarounds result in additional complexity and overhead and require context switching to access all of the workspaces.

»Limitations with Organization-Level Permissions

Previously, organization-level admin permissions were needed to create workspaces. If a general user wanted to create new workspaces, they would need to request approval from the organization admin. This situation created potential bottlenecks and pushed admins to create multiple organizations or assign excessive admin rights to achieve their desired permissions, which could open the platform to more security risks.

»Introducing Projects for Terraform Cloud

Projects are a new layer below the organization level and above the workspace level that gives users a way to logically group workspaces. Projects allow teams to safely self-manage workspaces and enables organization admins to create logical ownership boundaries to ensure security.

The Workspaces page in the Terraform Cloud UI is now called “Projects and Workspaces”. This page allows users to:

• Create new projects within an organization
• Create new workspaces within projects
• Move workspaces between projects

Team-based permissions can be applied to a project instead of an entire organization. Read or admin permissions can be assigned to each team so teams have only the access necessary to do their jobs:

»Projects’ Benefits

Projects allow users to group workspaces and define permissions to enable safe and efficient workflows.

»Increased Agility with Workspace Organization

Related workspaces can be added to projects to simplify and organize a team's workspace view. Teams can now create and manage infrastructure in their designated project without requesting admin access at the organizational level.

»Reduced Risk with Centralized Control

Project permissions allow teams to have admin access to a subset of workspaces. This helps users safely manage their workspaces without interfering with other teams’ infrastructure and enables organization owners to maintain the principle of least privilege.

»Better Efficiency with Self-Service

In October 2022, Terraform Cloud introduced greater self-service capabilities with a no-code provisioning workflow. No-code provisioning is now integrated with projects, which means teams with project-level admin permissions can provision no-code modules directly into their project without requiring organization-wide workspace management privileges.

»Summary and Resources

To ensure safe and efficient workflows, workspace groupings and their permissions must align with how teams are structured. Projects provide simplified workspace organization and granular permissions to meet team requirements without additional overhead.

For more information, check out the Organize Workspaces with Projects documentation, tutorial, and demo video:

Get started with Terraform Cloud for free to begin provisioning and managing your infrastructure in any environment.