Problems with Terraform Workspaces

A really good intro with the main reason to avoid workspaces was given in a few lines in this blog post: Other problems with workspaces are detailed after that.

Terraform provides a feature called Workspaces which allows you to define the infrastructure for a root module once, then use the terraform workspace command to change the .tfvars file being used to populate values in the Terraform configuration. Note that this is different from a workspace in Terraform Cloud/Enterprise, so the following advice does not apply to those.

On the surface, this would seem to be an elegant solution to deploying multiple environments and making sure they are exactly the same. After all, if you deploy your dev environment, stage environment, and prod environment with exactly the same code, just different variables, you can be sure that they should be as similar as possible.

Unfortunately, this is also the problem with workspaces. If you force your development and production environments to use the same exact code, how do you test new versions of your infrastructure? Let’s say you want to change your application to be backed by a different type of datastore, or add in some new AWS resource that was just released. How do you do that in your development environment without doing it in production at the same time? While there are ways to do it with ternary operators, dynamic resources, or other tricks, those can introduce unwanted complexity or cause resources to be renamed, setting you up for potentially wiping out production resources if you’re not careful.