diff --git a/tutorials/1_databases/main.tf b/tutorials/1_databases/main.tf
new file mode 100644
index 0000000..c6f47cb
--- /dev/null
+++ b/tutorials/1_databases/main.tf
@@ -0,0 +1,77 @@
+terraform {
+  required_providers {
+    bytebase = {
+      version = "3.8.0"
+      # For local development, please use "terraform.local/bytebase/bytebase" instead
+      source = "registry.terraform.io/bytebase/bytebase"
+    }
+  }
+}
+
+provider "bytebase" {
+  service_account = "tf@service.example.com"
+  service_key     = "bbs_xxxx"
+  url = "https://xxx.xxx.xxx"
+}
+
+# Local environment IDs
+locals {
+  environment_id_test = "test"
+  environment_id_prod = "prod"
+}
+
+# Environment configuration (step 4a)
+resource "bytebase_setting" "environments" {
+  name = "settings/ENVIRONMENT"
+
+  environment_setting {
+    environment {
+      id        = local.environment_id_test
+      title     = "Test"
+      protected = false
+    }
+    environment {
+      id        = local.environment_id_prod
+      title     = "Prod"
+      protected = true
+    }
+  }
+}
+
+# MySQL test instance
+resource "bytebase_instance" "test" {
+  depends_on  = [bytebase_setting.environments]
+  resource_id = "mysql-test"
+  environment = "environments/${local.environment_id_test}"
+  title       = "MySQL test"
+  engine      = "MYSQL"
+  activation  = false
+
+  data_sources {
+    id       = "admin data source mysql-test"
+    type     = "ADMIN"
+    host     = "host.docker.internal"
+    port     = "3307"
+    username = "root"
+    password = "testpwd1"
+  }
+}
+
+# MySQL production instance
+resource "bytebase_instance" "prod" {
+  depends_on  = [bytebase_setting.environments]
+  resource_id = "mysql-prod"
+  environment = "environments/${local.environment_id_prod}"
+  title       = "MySQL prod"
+  engine      = "MYSQL"
+  activation  = false
+
+  data_sources {
+    id       = "admin data source mysql-prod"
+    type     = "ADMIN"
+    host     = "host.docker.internal"
+    port     = "3308"
+    username = "root"
+    password = "testpwd1"
+  }
+}
diff --git a/tutorials/2_projects/main.tf b/tutorials/2_projects/main.tf
new file mode 100644
index 0000000..676ce53
--- /dev/null
+++ b/tutorials/2_projects/main.tf
@@ -0,0 +1,66 @@
+terraform {
+  required_providers {
+    bytebase = {
+      version = "3.8.0"
+      # For local development, please use "terraform.local/bytebase/bytebase" instead
+      source = "registry.terraform.io/bytebase/bytebase"
+    }
+  }
+}
+
+provider "bytebase" {
+  service_account = "tf@service.example.com"
+  service_key     = "bbs_xxxx"
+  url = "https://xxx.xxx.xxx"
+}
+
+# (Optional) Reference to instances and environments from previous setup
+# You should already have bytebase_instance.test and bytebase_instance.prod defined
+
+# (Optional) List existing databases for introspection:
+data "bytebase_database_list" "all" {
+  parent = "workspaces/-"
+}
+
+output "current_databases" {
+  value = data.bytebase_database_list.all.databases
+}
+
+# Create a new project and assign specific databases
+resource "bytebase_project" "another" {
+  depends_on = [
+    bytebase_instance.test
+  ]
+  resource_id = "another-project"
+  title       = "Another project"
+
+  databases = [
+    "instances/mysql-test/databases/demo"
+  ]
+}
+
+# (Optional) Add more databases using multiple instances
+# resource "bytebase_project" "another_with_more" {
+#   depends_on = [
+#     bytebase_instance.test,
+#     bytebase_instance.prod
+#   ]
+#   resource_id = "another-with-more"
+#   title       = "Another project with more"
+# 
+#   databases = [
+#     "instances/mysql-test/databases/demo",
+#     "instances/mysql-prod/databases/app_prod"
+#   ]
+# }
+
+# (Optional)  Use all databases from an instance dynamically
+# resource "bytebase_project" "test_apps" {
+#   depends_on = [
+#     bytebase_instance.test
+#   ]
+#   resource_id = "test-applications"
+#   title       = "Test Applications"
+# 
+#   databases = bytebase_instance.test.databases
+# }
diff --git a/tutorials/3_settings/main.tf b/tutorials/3_settings/main.tf
new file mode 100644
index 0000000..8efd41a
--- /dev/null
+++ b/tutorials/3_settings/main.tf
@@ -0,0 +1,72 @@
+terraform {
+  required_providers {
+    bytebase = {
+      version = "3.8.0"
+      # For local development, please use "terraform.local/bytebase/bytebase" instead
+      source = "registry.terraform.io/bytebase/bytebase"
+    }
+  }
+}
+
+provider "bytebase" {
+  service_account = "tf@service.example.com"
+  service_key     = "bbs_xxx"
+  url = "https://xxx.xxx.xxx"
+}
+
+# Step 1: Workspace profile configuration
+resource "bytebase_setting" "workspace_profile" {
+  name = "settings/WORKSPACE_PROFILE"
+
+  workspace_profile {
+    disallow_signup           = true
+    domains                   = ["example.com"]
+    enforce_identity_domain  = true
+    external_url             = "https://your-bytebase-instance.com"
+    # Optional:
+    # disallow_password_signin = false
+  }
+}
+
+# Step 2: Approval flow settings
+resource "bytebase_setting" "approval_flow" {
+  name = "settings/WORKSPACE_APPROVAL"
+
+  approval_flow {
+    rules {
+      flow {
+        title       = "Project Owner → DBA → Admin"
+        description = "Need DBA and workspace admin approval"
+
+        steps { role = "roles/projectOwner" }
+        steps { role = "roles/workspaceDBA" }
+        steps { role = "roles/workspaceAdmin" }
+      }
+      conditions {
+        source = "DML"
+        level  = "MODERATE"
+      }
+      conditions {
+        source = "DDL"
+        level  = "HIGH"
+      }
+    }
+  }
+}
+
+# Step 3: Risk management policies
+resource "bytebase_risk" "dml_moderate" {
+  title     = "DML Moderate Risk"
+  source    = "DML"
+  level     = 200
+  active    = true
+  condition = "environment_id == \"prod\" && affected_rows >= 100"
+}
+
+resource "bytebase_risk" "ddl_high" {
+  title     = "DDL High Risk"
+  source    = "DDL"
+  level     = 300
+  active    = true
+  condition = "environment_id == \"prod\""
+}