I haven't found an easy way to separate my remote terraform workspaces, using a remote backend, where I can control access to different workspaces easily.
i.e. lets say I have 3 workspaces:
- app-dev
- app-int
- app-prod
Let's say I wanted app-dev
to have general access by the team, but not to other teams, and then I wanted app-int
and especially app-prod
to have limited access, where perhaps only CI can touch those workspaces.
How can I do this, when not using terraform cloud? This seems like obvious functionality to want, but it feels like they purposely left it out so teams have to buy terraform cloud to have any sense of security. I'm curious how other people have worked around it.