A workspace is where all objects related to Terraform- and OpenTofu-managed resources are stored and managed. It is where you find state, update the Terraform and OpenTofu versions, manage variables, see run history, and much more. A workspace can be as simple as a single resource or as complex as a monolithic configuration; it depends on your use case and the directories that the workspace is linked to. A workspace can be integrated with your existing workflow, whether that is a GitOps approach through a VCS provider, the native Terraform CLI, or deploying modules directly in the UI. All workspace types follow the same pipeline:

Workspace Pipelines


Plan, which allows users to view the planned creation, update, or destruction of resources through the standard console output or the visual plan view. The visual plan alerts users to destructive changes and makes it easier to search the plan when many resources are affected.

Cost Estimate

Cost Estimate, which shows the estimated cost of the resources that are being created. This information can be used to write a policy that checks cost. See Infracost for details of the providers and resources that are currently included in the cost estimation.

Policy Check

Policy Check, which is used to check the Terraform plan JSON output against Open Policy Agent policies. This step can be used to enforce company standards.


Apply, which will actually create, update, or destroy the resources based on the Terraform configuration file.
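The Policy Check and Cost Estimate steps above can be combined in one Open Policy Agent policy. The following Rego is an added example, not taken from the product's own policies. It assumes the plan JSON is exposed to the policy as `input.tfplan` and the cost estimate as `input.tfrun.cost_estimate.proposed_monthly_cost`; the package name, the protected resource types, and the cost limit are constructed for illustration.

```rego
package terraform

import rego.v1

# Assumed input layout (not stated on this page): the Terraform plan JSON
# is under input.tfplan and the cost estimate under input.tfrun.cost_estimate.
# Adjust both paths to whatever your policy engine actually passes in.

# Constructed threshold, in the currency of the cost estimate.
monthly_cost_limit := 500

# Constructed list of resource types whose destruction needs human review.
protected_types := {"aws_kms_key", "aws_s3_bucket", "aws_db_instance"}

# Deny any change that destroys a protected resource. In plan JSON a
# replacement is reported as ["delete", "create"] or ["create", "delete"],
# so test for membership of "delete" rather than comparing the whole array.
deny contains msg if {
    some rc in input.tfplan.resource_changes
    rc.type in protected_types
    "delete" in rc.change.actions
    msg := sprintf("%s would be destroyed or replaced", [rc.address])
}

# Deny runs whose estimated monthly cost exceeds the limit. If the estimate
# is absent this rule does not fire, so an unsupported provider passes the
# cost check silently; treat that as a known gap of this rule.
deny contains msg if {
    cost := to_number(input.tfrun.cost_estimate.proposed_monthly_cost)
    cost > monthly_cost_limit
    msg := sprintf("estimated monthly cost %v exceeds limit %v", [cost, monthly_cost_limit])
}
```

A run passes this policy only when the `deny` set is empty, which makes the destructive changes highlighted by the visual plan an enforced gate before Apply.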

Managing Workspaces

While workspaces are created and updated in the environment scope, you can also view all workspaces that you have access to at the account scope. The account scope view aggregates all workspaces across environments into a single dashboard, and you can execute runs from there if you have the proper permissions. The permission workspaces:read must be granted at the account scope to view the workspaces.

What’s Next

Select a VCS, CLI, or Module-based workspace next.