To answer the second part your question first, Organizations are definitely the way to go now, and we have quite a bit of comprehensive documentation on how they work and how to get the most out of them.
As for managing multiple tenants in Terraform, the ideal approach depends on your specific use case and organizational requirements.
Here are some best practices for managing multiple Auth0 tenants in Terraform:
- Directory Structure: Organize your Terraform code into a directory structure that separates environments.
- Variable Files: Create separate variable files for each environment (e.g., dev.tfvars, staging.tfvars, production.tfvars). These files should contain environment-specific variable values.
- Terraform Modules for Reusability: Consider creating Terraform modules that encapsulate common Auth0 configurations (e.g., creating custom database connections, defining roles, or setting up identity providers). These modules can be reused across different tenants, reducing duplication of code.
- Remote State Management: Store Terraform state files for each environment separately. Utilize remote state backends (e.g., S3, GCS, Azure Blob Storage) with different state file paths or prefixes for each environment to prevent state file conflicts.
- Use Terragrunt (Optional): Consider using Terragrunt, an additional tool that simplifies managing multiple environments with Terraform. Terragrunt can help manage remote state, variable files, and common configurations in a more structured way.
We have typically stayed away from this type of guidance in our documentation largely because the Auth0 Terraform Provider is designed to work within the standard confines of Terraform, and there are several different ways you can use Terraform, depending on your project. That being said, as we see questions like this come up from the community, we’re encouraged to put forth more focused guidance to fill in some of Hashicorp’s documentation gaps. If there are any specific documentation and guidance requests, feel free to submit them to GitHub, and we’ll see about getting them added!