Quickstart
In this quickstart, you'll learn how to configure a Grant Kit to automate access requests to yourself to approve or deny for a Null Resource.
A Null Resource acts as a do-nothing container, so we'll be effectively requesting and granting access to
/dev/null
. We're using a Null Resource so we can observe the end-to-end experience of what it's like to extend your existing Terraform setup from cloud infrastructure to access management. By using a Null Resource, we won't need additional dependencies to third-party systems.- 1.Make sure you have:
Start by creating a new repository by copying the Abbey Starter Kit Quickstart template repository from https://github.com/abbeylabs/abbey-starter-kit-quickstart.

Create a new repository using the Repository Template.
Clone your new repository using your preferred method.
For example:

Clone your repo
Now that you have your new repository, you'll have to connect it to Abbey to be able to deploy your Starter Kit later.
To do this, go to the Abbey App and head over to the Connections page -> New Connection -> Fill in the name of your connector -> Authenticate -> Create.
🔗
➕
🔑
In your
main.tf
file:- Look for the
reviewers
attribute.
To find your Primary Identity, visit the Abbey App and click on your Profile Icon on the top right -> Manage Account -> Look under Email addresses.
⚙

Find your Primary Identity on the Abbey App.
main.tf
resource "abbey_grant_kit" "null_grant" {
...
workflow = {
steps = [
{
reviewers = {
one_of = ["[email protected]"]
}
}
]
...
}
}
In your
main.tf
file:- Look for the
location
attribute. It'll be nested underoutput
. - Replace the
organization
segment with your GitHub organization name. - Replace the
repo
segment with your repository name.
In your
main.tf
file:- Look for the
abbey_identity
resource. - Look for the
value
attribute. It'll be nested underlinked.abbey
.
main.tf
resource "abbey_identity" "user_1" {
...
linked = jsonencode({
abbey = [
{
type = "AuthId"
value = "[email protected]"
}
]
})
}
Find your API Key by going to the Developers page from your side navigation in the Abbey App.
If you cloned the Starter Kit to your Personal GitHub Account, you'll need to make sure your repository has the right permissions for GitHub Actions.
You can do this by going to your GitHub Repository's Settings -> Actions -> General -> Workflow permissions -> Click the "Read and write permissions" radio button -> Save.
⚙
▶
To deploy, push to your
main
branch:git push origin main
The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."
The starter kit uses a Abbey provided Terraform HTTP backend to persist state. Although this backend is secured with your Abbey API key, don't use this for production.
You can optionally deploy from your local machine without going through CI. To do this, you'll need to have Terraform installed. Once installed, you'll need to:
Initialize your Terraform configuration:
cd $PATH_TO_YOUR_CLONED_REPO
terraform init
(Optional) Plan your Terraform configuration:
You can optionally run
terraform plan
to get a sense of what changes would be made.terraform plan
Before you deploy, make sure you push any changes to your repository. That way, Abbey has the latest changes when generating your Terraform output.
Deploy your Terraform configuration:
ABBEY_TOKEN=<your API key> terraform apply
Congratulations! Abbey is now managing permissions to your Null Resource for you.
🎉
You can now log into the Abbey App, look under Resources, and send yourself a Request.
When you send a request, you'll see that a Pull Request was made. Normally Abbey will run any Workflow or Access Policies, but since we don't have any in this quickstart, the request will automatically get routed to you for an approve or deny decision.
Abbey strives to help you automate and secure access management without being intrusive.
To that end, this Pull Request contains native Terraform HCL code using the normal open source Terraform Null Provider library. It represents the permissions change. In this case, it's just a simple creation of a new Null Resource.
Now you can log into the Abbey App and approve or deny your Request. If you deny it, Abbey will close the corresponding Pull Request with a comment. If you approve, then Abbey will merge the Pull Request, in which your CI/CD system will materialize the changes using
terraform apply
.Your CI/CD system should run
terraform apply
in the event of a push to your main
branch.- 1.Replace with your GitHub organization. name.
- 2.Replace with your GitHub repository name.
Last modified 7d ago