Terraform Workspaces Are Not Environment Boundaries

Terraform workspaces solve a specific problem: selecting different state files while using the same configuration.

That mechanism is useful for creating multiple copies of identical infrastructure. It becomes less useful when environments require different permissions, approval processes, account boundaries, or operational controls.

In this lesson, we examine several situations where workspaces introduce hidden risk. We look at account separation, deployment promotion, shared blast radius, and environment-specific policy differences. We also discuss why many organizations use separate root modules for development, staging, and production.
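
The contrast between workspace-selected state and separate root modules, sketched as an added example that is not taken from the lesson itself. Bucket names, account IDs, role names, and file paths are constructed placeholders, and the two patterns are separate configurations shown in one listing.

```hcl
# Pattern A (hypothetical file infra/main.tf): one root module, environments as workspaces
terraform {
  backend "s3" {
    bucket = "example-tfstate"       # constructed name; one bucket holds every environment's state
    key    = "app/terraform.tfstate" # non-default workspaces land under env:/<workspace>/ in the same bucket
    region = "us-east-1"
  }
}

locals {
  # The only thing separating dev from prod is a map lookup on the workspace name.
  deploy_role = {
    dev  = "arn:aws:iam::111111111111:role/deploy" # constructed account IDs
    prod = "arn:aws:iam::222222222222:role/deploy"
  }
}

provider "aws" {
  region = "us-east-1"
  assume_role {
    role_arn = local.deploy_role[terraform.workspace]
  }
}
# Unless IAM is scoped separately per state prefix and per role, the identity that
# can apply dev can also run `terraform workspace select prod` and apply there.

# Pattern B (hypothetical file envs/prod/main.tf; envs/dev/main.tf mirrors it with dev values)
terraform {
  backend "s3" {
    bucket = "example-tfstate-prod" # constructed name; state bucket owned by the prod account
    key    = "app/terraform.tfstate"
    region = "us-east-1"
  }
}

provider "aws" {
  region              = "us-east-1"
  allowed_account_ids = ["222222222222"] # provider refuses to run against any other account
}

module "app" {
  source = "../../modules/app" # shared code lives in a module, not in a shared root
}
```

In Pattern B each environment has its own backend, credentials, and pipeline entry point, so approval rules and access policies can differ per directory without relying on the operator's currently selected workspace.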

Understanding where workspaces fit—and where they do not—helps prevent a common Terraform design mistake that often appears long after the initial deployment succeeds.

https://youtu.be/Hmi1llaR7GI