HCP Control
Projects
Projects allow you to organize workspaces and scope access to them. Each project has its own set of permissions, which you can use to grant teams access to all workspaces in the project and so set access boundaries. Project-level permissions are more granular than organization-level permissions.
When deciding how to structure your projects, consider which groups of resources need distinct access rules. You may want to define projects by business units, departments, subsidiaries, or technical teams.
Each workspace must belong to a project. A project named Default is already defined from the start.
To create a project, your account must be a member of a team with the Manage All Projects permission.
Best practices:
- Avoid having everything within a single Default project. Creating new projects ensures a closed scope for a specific team, improving security with specific permissions for this team.
- A project allows you to have a set of variables that will be inherited in all workspaces of the project, for example credential variables.
- In addition to creating projects via the graphical interface, we can use Terraform itself for this with the TFE provider. Usually, the names we give to this HCP Terraform management project are landing zone, groundwork, etc.
- Restrict the number of administrators per project to maintain the principle of least privilege.
- Use dynamic credentials instead of hardcoding long-lived static credentials.
- Define tags that will be used in all resources of the same project.
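The following is an added example, not configuration from the original page, that combines several of these practices with the TFE provider: a dedicated project, a team scoped to that project without admin rights, and a project-wide variable set that carries dynamic credential settings. The organization name, the project and team names, and the role ARN are constructed placeholders; AWS is assumed as the target cloud, and the IAM role's OIDC trust relationship with HCP Terraform is assumed to exist already.

```hcl
terraform {
  required_providers {
    tfe = { source = "hashicorp/tfe" }
  }
}

locals {
  organization = "example-org" # constructed placeholder
}

# Dedicated project, so workspaces do not accumulate in Default.
resource "tfe_project" "payments" {
  organization = local.organization
  name         = "payments"
}

resource "tfe_team" "payments_engineers" {
  organization = local.organization
  name         = "payments-engineers"
}

# Least privilege: grant "maintain" on this one project rather than "admin".
resource "tfe_team_project_access" "payments_engineers" {
  team_id    = tfe_team.payments_engineers.id
  project_id = tfe_project.payments.id
  access     = "maintain"
}

# Variable set attached to the project; every workspace in it inherits these.
resource "tfe_variable_set" "aws_oidc" {
  organization = local.organization
  name         = "payments-aws-dynamic-credentials"
}
resource "tfe_project_variable_set" "payments" {
  project_id      = tfe_project.payments.id
  variable_set_id = tfe_variable_set.aws_oidc.id
}

# Dynamic credentials: runs assume the role for short-lived credentials, so no static access key is stored.
resource "tfe_variable" "aws_oidc" {
  for_each = {
    TFC_AWS_PROVIDER_AUTH = "true"
    TFC_AWS_RUN_ROLE_ARN  = "arn:aws:iam::111111111111:role/EXAMPLE-run-role" # constructed placeholder
  }
  key             = each.key
  value           = each.value
  category        = "env"
  variable_set_id = tfe_variable_set.aws_oidc.id
}
```

Applying this configuration requires a token whose team holds the Manage All Projects permission, so keep the management workspace that runs it in its own restricted project.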
Workspaces
As we saw previously, a workspace is a group of infrastructure resources managed by Terraform. When we run locally, Terraform manages infrastructure resources in a local directory, which contains a configuration, state data, and variables.
HCP Terraform manages infrastructure collections with workspaces instead of directories. A workspace contains everything Terraform needs to manage a given collection of infrastructure, and separate workspaces function as completely separate working directories.