Integrating Abbey with Terraform Cloud
Last updated
Last updated
In this Quickstart, you'll learn how to set up and use Abbey using Terraform Cloud.
Abbey helps you manage the workflows for access requests and approvals, making it easier for people to get access to Resources.
We allow engineers to integrate these workflows directly into the Infrastructure provisioning process. Since you are already using an Infrastructure as Code (IaC) tool like Terraform, Abbey extends your IaC deployment through a Grant Kit.
A resource can be a production database or a cloud IAM role. In this Quickstart we will use the Abbey Demo Site as a resource example.
--> Go to Abbey Demo Site
Whoops, looks like you don't have access. Let's fix this and get you access.
Create an Abbey Account
Log into your Terraform Cloud account
Log into your GitHub account
Clone abbeylabs/abbey-starter-kit-terraform-cloud into your local development environment by following the instructions in Get a Starter Kit.
Follow the instructions in Connect a Repo to connect Abbey to your GitHub account.
Go to Terraform Cloud's Projects & workspaces to create a new Workspace and connect it with the quickstart GitHub repository.
Go to Terraform Cloud's Projects & workspaces
Click New > Workspace
In Choose Type, choose Version control workflow
In Connect to VCS, choose GitHub
In Choose a repository, choose the quickstart repo you created in Step 1
In Configure settings > Advanced opitons,
Under Apply Method, choose Auto Apply
Under VCS Triggers, choose Always trigger runs
Under Pull Requests, toggle on Automatic speculative plans
Click Create workspace
Configure abbey_token Terraform variable
Find your API Token from the Settings > API Tokens page from your side navigation in the Abbey App.
Grant Kits rely on your GitHub account and repository name to output access changes, which we'll set through Terraform local variables. Update the locals block in main.tf with your account_name and repo_name
locals {
account_name = "" #CHANGEME
repo_name = "" #CHANGEME
...
}Workflow defines who should approve an access request.
Let's update the reviewers block by adding yourself as the reviewer by switching replace-me@example.com with the email address you use to sign into Abbey.
resource "abbey_grant_kit" "..." {
...
workflow = {
steps = [
{
reviewers = {
- one_of = ["replace-me@example.com"] # CHANGEME
+ one_of = ["alice@example.com"]Update Terraform Cloud Configuration inside terraform block with your Terraform organization and workspace names.
terraform {
cloud {
- organization = "replace-me-with-organization" # CHANGEME
+ organization = "my-terraform-org" # Use your own organization name
workspaces {
- name = "replace-me-with-workspace" # CHANGEME
+ name = "my-terraform-workspace" # Use your own workspace name here
}
}To deploy your Starter Kit, push to your main branch:
git push origin mainVisit the Abbey web application, click on Resources, and click Request next to the Demo resource. There are detailed instructions in Request Access doc.
Since all changes are backed by Git, you will see a PR get created in your repo with comments that outline the requested change in permissions.
To make things simple, we have configured the grant kit so that you are your own Approver. Click the Approvals tab and click Approve. See Approve or Deny Access Requests for detailed instructions.
You'll see that the PR in GitHub was merged within a few minutes.
Now let's go back to the Abbey Demo Site.
Once your 5 minutes is up, your access is automatically revoked. In your repo's Pull requests history, you can find a closed PR with the title "Revoking access to Abbey_demo from ...", and you will no longer be able to access the Abbey Demo Site.
To learn more about what Resources you can configure, try one of our Step-by-Step Tutorials.
Congrats! You should now have access.
