Terraform workspaces allow you to use a different state file from the CLI, or the equivalent with Terraform Cloud.
Workspaces are used to provide cooperative isolation. They can be thought of like programming language namespaces.
A workspace called
production is created (and initially switched to) with:
terraform workspace new production
You can switch back to the
default workspace with:
terraform workspace select default
Here’s a nice example of a terraform script that manages 2 workspaces using terraform locals,
default (test) and
production, depending on the current workspace:
medium.com: Terraform workspaces and locals for environment separation (2017)
And here’s a 2021 github issue on how to use workspaces under terragrunt:
github.com: Support for terraform workspaces? #1581
Use Cases for Workspaces
It’s common to use separate AWS accounts for test and production environments, and workspaces let you assign workspace names to teams or clusters within each of those accounts.
Or a single cloud account can be used, and workspaces used with names like default for test, and separate names for teams.
Note that using workspaces provides a separation mechanism that’s better than nothing at avoiding resources getting stepped on, but somebody can still do a select command into your team’s workspace.