Terraform Cloud Workspaces

All Foundations infrastructure is managed through Terraform Cloud (TFC), with workspaces organized by project and linked to GitHub repositories via VCS integration.

TFC Organization: Badal_devex
TFC Console: app.terraform.io/app/Badal_devex
Total Workspaces: 46 across 24 projects

Naming Conventions

Workspaces follow two naming patterns reflecting two generations of the platform:

New Convention (Pipeline-Generated)

Created by the create-business-unit and create-tenant modules:

{type}-{name}-{env_code}-{suffix}

Component	Values	Description
`{type}`	`bu`, `data`, `devex`, `platform`, etc.	Resource type or BU name
`{name}`	tenant or resource name	Identifies the specific workload
`{env_code}`	`c`, `d`, `np`, `p`, `ce`	Environment code
`{suffix}`	5-char alphanumeric	Unique identifier

Examples: bu-data-c-80r13, devex-backstage-np-mly9n, data-template-d-b8cbu

Legacy Convention

Created manually or by earlier tooling:

wrkspc-{env_code}-{domain}-{name}

Examples: wrkspc-np-devex-backstage, wrkspc-ce-bu-devex, wrkspc-d-data-tenant-0001

Environment Codes

Code	Environment
`c`	Common (cross-environment, new convention)
`ce`	Cross-environment (legacy convention)
`d`	Development
`np` or `n`	Non-production
`p`	Production

Key Active Workspaces

The top workspaces by managed resource count:

Workspace	Resources	VCS Repo	Purpose
`bu-data-c-80r13`	346	badal-io/bu-data-80r13	Data business unit (largest)
`bu-platform-c-0r4dp`	199	badal-io/bu-platform-0r4dp	Platform business unit
`wrkspc-ce-bu-devex`	149	badal-io/repo-bu-devex	DevEx BU (legacy)
`devex-terraform-module-registry`	122	badal-io/tfc-private-module-registry	Module registry (auto-apply)
`wrkspc-np-devex-backstage`	110	badal-io/repo-devex-backstage	Backstage non-prod (auto-apply, legacy)
`bu-test-pltln-c`	75	badal-io/bu-test-pltln	Test pipeline

Complete Workspace Listing

Business Unit Workspaces

Workspace	VCS Repo	Working Dir	Purpose
`bu-data-c-80r13`	badal-io/bu-data-80r13	`terraform/`	Data BU - manages tenant creation
`bu-platform-c-0r4dp`	badal-io/bu-platform-0r4dp	`terraform/`	Platform BU - manages platform tenants
`bu-test-pltln-c`	badal-io/bu-test-pltln	`terraform/`	Test pipeline BU
`bu-tfc-module-sandbox-c-34tqx`	-	`terraform/`	TFC module sandbox BU

Shared Workspaces

Shared workspaces manage per-BU shared infrastructure:

Workspace	VCS Repo	Purpose
`data-shared-c-80r13`	badal-io/bu-data-80r13	Data BU shared resources
`devex-shared-c-9c9dl`	badal-io/bu-devex-9c9dl	DevEx BU shared resources
`platform-shared-c-0r4dp`	badal-io/bu-platform-0r4dp	Platform BU shared resources
`test-shared-c-pltln`	badal-io/bu-test-pltln	Test BU shared resources

Data Tenant Workspaces

Workspace	VCS Repo	Environment
`data-template-d-b8cbu`	badal-io/data-template-b8cbu	Development
`data-template-np-b8cbu`	badal-io/data-template-b8cbu	Non-production
`data-template-p-b8cbu`	badal-io/data-template-b8cbu	Production
`data-governance-d-f6y39`	badal-io/data-governance-f6y39	Development

DevEx Backstage Workspaces

Workspace	VCS Repo	Convention	Auto-Apply
`devex-backstage-np-mly9n`	badal-io/devex-backstage-mly9n	New	No
`devex-backstage-p-mly9n`	badal-io/devex-backstage-mly9n	New	No
`wrkspc-np-devex-backstage`	badal-io/repo-devex-backstage	Legacy	Yes
`wrkspc-p-devex-backstage`	badal-io/repo-devex-backstage	Legacy	No

Module Registry Workspace

Workspace	VCS Repo	Auto-Apply
`devex-terraform-module-registry`	badal-io/tfc-private-module-registry	Yes

This workspace manages the TFC private module registry, publishing modules like create-business-unit/platform, create-tenant/platform, and integrated_repository/github.

Legacy BU Workspaces

DevEx BU (Legacy)

Workspace	VCS Repo	Environment
`wrkspc-ce-bu-devex`	badal-io/repo-bu-devex	Cross-environment
`wrkspc-d-bu-devex`	badal-io/repo-bu-devex	Development
`wrkspc-np-bu-devex`	badal-io/repo-bu-devex	Non-production
`wrkspc-p-bu-devex`	badal-io/repo-bu-devex	Production

Sandbox BU (Legacy)

Workspace	VCS Repo	Environment
`wrkspc-ce-bu-sandbox`	-	Cross-environment
`wrkspc-d-bu-sandbox`	-	Development
`wrkspc-np-bu-sandbox`	-	Non-production
`wrkspc-p-bu-sandbox`	-	Production

Demo BU (Legacy)

Workspace	VCS Repo	Environment
`wrkspc-ce-bu-demo`	-	Cross-environment

GKE Workspaces

Workspace	VCS Repo	Purpose
`wrkspc-demos-n-gke-demo`	-	GKE demo (non-production)
`wrkspc-demos-p-gke-demo`	-	GKE demo (production)
`wrkspc-p-demo-gke-hub`	-	GKE Hub (production)

Legacy Data Tenant Workspaces

Workspace	Environment
`wrkspc-d-data-tenant-0001`	Development
`wrkspc-n-data-tenant-0001`	Non-production
`wrkspc-p-data-tenant-0001`	Production
`wrkspc-d-data-tn0001`	Development
`wrkspc-n-data-tn0001`	Non-production
`wrkspc-p-data-tn0001`	Production
`wrkspc-d-data-tn0002`	Development
`wrkspc-n-data-tn0002`	Non-production
`wrkspc-p-data-tn0002`	Production
`wrkspc-d-data-tn0003`	Development
`wrkspc-n-data-tn0003`	Non-production
`wrkspc-p-data-tn0003`	Production

AI Agent Workspaces

Workspace	Environment
`wrkspc-d-ai-ag0001`	Development
`wrkspc-n-ai-ag0001`	Non-production
`wrkspc-p-ai-ag0001`	Production

Other Workspaces

Workspace	Purpose
`tmobbs-bu-test`	Test workspace
`gcp-foundations-projects-workspace-manager`	Workspace manager (no VCS)

Workspace Dependency Relationships

Workspaces follow the Foundations pipeline ordering. Downstream workspaces read outputs from upstream workspaces via terraform_remote_state or TFC state sharing:

Bootstrap workspaces
  └── Organization workspaces
      └── Environment workspaces
          └── Network workspaces
              └── Project / BU workspaces
                  └── Tenant workspaces

BU workspaces create tenant workspaces dynamically. When a new create-tenant module call is added to a BU repo, the BU workspace's apply creates new TFC workspaces for the tenant.

Environment Promotion Path

For tenants using environment-based branching:

development workspace → non-production workspace → production workspace
     (d branch)            (np branch)                (p branch)

Changes flow through environments by merging branches:

Developer creates feature branch from development
PR merged to development triggers dev workspace apply
development merged to non-production triggers non-prod apply
non-production merged to production triggers prod apply

For trunk-based tenants, all environment workspaces trigger from the same main branch.

Auto-Apply Workspaces

Most workspaces require manual approval for applies. The following are configured with auto-apply:

Workspace	Reason
`devex-terraform-module-registry`	Module registry updates should publish immediately
`wrkspc-np-devex-backstage`	Non-prod Backstage deploys automatically for rapid iteration

Two Generations

The workspace inventory reflects two generations of the Foundations platform:

Legacy Workspaces (`wrkspc-` prefix)

Created manually or by earlier tooling
Use cross-environment (ce) pattern with per-env overrides
VCS repos use repo- prefix (e.g., repo-bu-devex)
Some have no VCS connection (managed via CLI or API)

New Pipeline-Generated Workspaces

Created by the create-business-unit and create-tenant modules
Use environment-code-based naming with random suffixes
VCS repos use the module-generated names (e.g., bu-data-80r13)
All have VCS connections and follow the standard branching model

Both generations coexist in the same TFC organization. Legacy workspaces continue to function but new workloads use the pipeline-generated pattern.

Naming Conventions​

New Convention (Pipeline-Generated)​

Legacy Convention​

Environment Codes​

Key Active Workspaces​

Complete Workspace Listing​

Business Unit Workspaces​

Shared Workspaces​

Data Tenant Workspaces​

DevEx Backstage Workspaces​

Module Registry Workspace​

Legacy BU Workspaces​

DevEx BU (Legacy)​

Sandbox BU (Legacy)​

Demo BU (Legacy)​

GKE Workspaces​

Legacy Data Tenant Workspaces​

AI Agent Workspaces​

Other Workspaces​

Workspace Dependency Relationships​

Environment Promotion Path​

Auto-Apply Workspaces​

Two Generations​

Legacy Workspaces (wrkspc- prefix)​

New Pipeline-Generated Workspaces​