What is the difference between Terraform Stacks and traditional workspace management?

Terraform Stacks adds a management layer above individual workspaces, allowing you to treat multiple state files as a single deployment unit. While traditional workspaces require separate plan/apply operations for each state file and manual dependency coordination, Stacks automates provisioning across workspaces, manages dependencies through deferred changes, and applies orchestration rules to control deployment workflows across all related workspaces simultaneously.

Can I use Terraform Stacks with the open-source Terraform CLI?

No, Terraform Stacks is currently exclusive to HCP Terraform and cannot be used with the community edition. HashiCorp has indicated in blog posts that some Stacks functionality may be integrated into the community version in the future, but no timeline has been provided. The feature is currently in public beta with a 500-resource limit across all HCP Terraform pricing tiers.

How do Deferred Changes handle dependencies between components?

When a component's provider configuration references outputs from another component (such as a Kubernetes provider needing an EKS cluster endpoint), Stacks automatically recognizes the dependency and defers the plan rather than failing. Once the dependency component is applied and outputs are available, Stacks automatically re-runs the deferred plan. This eliminates the need to manually sequence deployments or work around missing state data during initial provisioning.

Managing Infrastructure at Scale with Terraform Stacks

Name: Managing Infrastructure at Scale with Terraform Stacks
Uploaded: 2026-04-09T17:36:13-04:00
Duration: 24 min
Description: TL;DR Terraform Stacks is a new HCP Terraform feature (public beta) that manages multiple workspaces as a single deployment unit, solving operational complexity when state files are divided across environments and resource types The architecture uses f...

HashiCorp

04/09/2026

0 (0%)

Report Like Favorite

TL;DR

Terraform Stacks is a new HCP Terraform feature (public beta) that manages multiple workspaces as a single deployment unit, solving operational complexity when state files are divided across environments and resource types
The architecture uses four core components: Components for resource definitions, Deployments for environment targeting, Orchestration Rules for automated workflows, and Deferred Changes for automatic dependency management
Orchestration rules enable environment-specific automation, such as auto-approving development deployments while requiring manual approval for production, reducing repetitive approval overhead
Deferred Changes automatically delays component plans when provider configuration depends on outputs from other components, enabling multi-step deployments like EKS clusters followed by Kubernetes manifests without manual coordination
Currently limited to HCP Terraform with a 500-resource cap across all pricing tiers; HashiCorp plans to integrate some functionality into the community edition in the future

The State File Division Problem

The session opens by addressing a fundamental challenge in Terraform infrastructure management: how to properly divide state files as infrastructure scales. When all environments exist in a single monolithic state file, teams face significant risks including unintended changes to production when modifying development resources, extended execution times as API calls multiply, and unclear ownership boundaries when multiple teams manage different resource types. The speaker illustrates how dividing state files by environment (Prod, Stage, Dev) and resource type (network, compute, database) can transform one state file into twelve separate workspaces, improving isolation and team autonomy but introducing new operational complexity.

Terraform Stacks Architecture and Components

Terraform Stacks introduces a new abstraction layer above workspaces to manage multiple state files as a unified deployment unit. The architecture consists of four core elements: Components define infrastructure resources using standard Terraform code wrapped in new component blocks; Deployments specify target environments including AWS accounts, regions, and IAM roles; Orchestration Rules automate approval workflows and plan execution based on environment-specific policies; and Deferred Changes automatically manage dependencies between components by delaying plans when provider configuration depends on outputs from other components. This structure enables teams to deploy multi-account, multi-region infrastructure configurations while maintaining clear dependency relationships and reducing manual coordination overhead.

Practical Implementation and Current Limitations

The demonstration walks through deploying API Gateway, Lambda, and S3 resources across multiple AWS accounts and regions using Terraform Stacks. The speaker shows how orchestration rules can automate deployments to development and staging environments while requiring manual approval for production, and how deferred changes handle complex scenarios like deploying Kubernetes manifests that depend on EKS cluster endpoints. Currently in public beta and exclusive to HCP Terraform (not available in the community edition), Stacks has a 500-resource limit across all pricing tiers. HashiCorp has indicated some functionality may eventually be integrated into the community version, though timing remains unspecified.

Chapters

0:00 - Introduction and Speaker Background
1:13 - State File Division Challenges
5:26 - Introducing Terraform Stacks
8:01 - Stacks Configuration Elements
8:57 - Components Deep Dive
11:09 - Deployments Configuration
13:42 - Creating Stacks in HCP Terraform
16:02 - Orchestration Rules
18:23 - Deferred Changes Feature
22:17 - Conclusion and Resources

Key Quotes

1:20 "First, I think there is a problem with state files that are not properly divided."
5:26 "I think that Terraform Stacks can be used to solve such problems."
6:17 "This function is a function that allows you to simplify large-scale infrastructure management."
6:38 "As a precaution, it can only be used in Terraform."
7:05 "Since this is a public beta, there is a limit to the number of resources. There is a limit of up to 500 resources."
10:53 "Since this is received by the output, the dependency relationship is automatically taken into account, and this is taken into account when planning or applying."

Categories:

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

04/23/2026

01:00 PM

04/23/2026

Cultivating Trust as a Foundation for the Agentic Consumer in 2026

https://www.truthinit.com/index.php/channel/1883/cultivating-trust-as-a-foundation-for-the-agentic-consumer-in-2026/
04/29/2026

12:00 PM

04/29/2026

Strategies for Safeguarding AI in Applications, Agents, and APIs

https://www.truthinit.com/index.php/channel/1893/strategies-for-safeguarding-ai-in-applications-agents-and-apis/
04/30/2026

10:00 AM

04/30/2026

Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/
04/30/2026

01:00 PM

04/30/2026

The New Economics of a VMware Exit

https://www.truthinit.com/index.php/channel/1880/the-new-economics-of-vmware-exit/
05/06/2026

02:00 AM

05/06/2026

Transforming AI's Potential: Proactively Identifying Attacks Before Breaches Occur

https://www.truthinit.com/index.php/channel/1886/transforming-ais-potential-proactively-identifying-attacks-before-breaches-occur/
05/06/2026

10:00 PM

05/06/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1913/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1915/world-password-day-strategies-for-managing-your-passwords-effectively/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box to Glass Box: Revealing Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-to-glass-box-revealing-hidden-threats-and-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Effective Strategies for Safeguarding Active Directory and Minimizing Data Exposure

https://www.truthinit.com/index.php/channel/1888/effective-strategies-for-safeguarding-active-directory-and-minimizing-data-exposure/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming Black Box to Glass Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-black-box-to-glass-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/