Day 58 of 90 Days of DevOps Challenge: Terraform Workspaces, Taint & Untaint Explained

On Day 57, I deep-dived into Terraform modules and learned how to design reusable, maintainable, and environment-specific infrastructure using root and child module structures. I explored how modular code improves clarity and scalability in Infrastructure as Code (IaC). It laid the groundwork for building multi-environment setups with minimal code duplication.

Today, I focused on understanding and implementing Terraform Workspaces, a powerful feature for managing multiple environments (like dev, QA, UAT, and prod) using the same codebase but isolated state files.

Terraform Workspaces

Terraform workspaces allow you to use one infrastructure script across multiple environments, while maintaining separate state files for each. This is ideal for real-world infrastructure where dev, staging, and production environments often share similar architecture but require isolation.

Key Commands:

$ terraform workspace show          # View current workspace
$ terraform workspace new dev       # Create a new workspace for dev
$ terraform workspace new qa        # Create a new workspace for QA
$ terraform workspace list          # List all available workspaces
$ terraform workspace select dev    # Switch to dev workspace

Note: Workspaces keep state files separate, ensuring no overlap or accidental changes across environments.

Step-by-Step: Working with Workspaces

Here’s how I implemented workspaces for a multi-environment Terraform setup:

Step 1: Set up the Terraform project structure

Organized the project directory with provider.tf, main.tf, variables.tf, and outputs.tf.

Step 2: Create environment-specific variable files

Each environment had its own variable definitions:

• dev.tfvars

• qa.tfvars

• prod.tfvars

Step 3: Create workspaces

terraform workspace new dev  
terraform workspace new qa  
terraform workspace new prod

Step 4: Select the desired workspace

terraform workspace select dev

Step 5: Apply infrastructure using environment variables

terraform apply --var-file=dev.tfvars

Step 6: Switch and deploy for other environments

terraform workspace select qa  
terraform apply --var-file=qa.tfvars

Each environment now has its own isolated state, eliminating cross-environment interference. This makes managing changes, rollbacks, and deployments much safer and more organized.

Taint & Untaint — Forcing Resource Recreation

Sometimes, infrastructure resources become unhealthy or corrupted, and we need to recreate them without changing code. That’s where Terraform’s taint and replace features come in.

Use Case:

Let’s say an EC2 instance becomes faulty:

terraform taint aws_instance.vm1
terraform apply --auto-approve

Terraform will mark the instance for destruction and recreation during the next apply.

Alternative: Using -replace

terraform apply -replace="aws_instance.vm1"

This is the modern and recommended approach for replacing resources explicitly.

Final Thoughts

Today’s session was a major milestone in my Terraform journey. Learning about workspaces provided a clear path to managing multi-environment deployments cleanly and efficiently, while taint/replace added an extra layer of control over infrastructure lifecycle management. These tools are essential for real-world DevOps practices where stability, environment separation, and flexibility are critical.