Abbey Docs
  • 👋Welcome
  • Getting Started
    • Quickstart
    • Step-by-Step Tutorials
      • AWS: Managing Access to Identity Center Groups
      • AWS: Managing Access to Identity Center Permission Sets
      • AWS: Managing Access to IAM Groups
      • Azure AD: Managing Access to Groups
      • Confluent: Managing Access to Kafka ACLs
      • Databricks: Managing Access to Managed Tables in Unity Catalog
      • Databricks: Managing Access to Groups
      • GitHub: Managing Access to Teams
      • Google Cloud: Managing Access to Groups
      • Google Workspace: Managing Access to Google Groups
      • Kafka: Managing Access to ACLs
      • Okta: Managing Access to Groups
      • Postgres: Managing Access to Roles
      • Snowflake: Managing Access to Tables
      • Tabular: Managing Access to Apache Iceberg Roles
      • Tailscale: Managing Access to ACLs
      • Vault: Managing Access to Groups and Policies
      • Integrating Abbey with Terraform Cloud
      • Using Abbey with Atlantis
      • Using Abbey with Spacelift
    • Starter Kits
  • How Abbey Works
    • How Abbey Works
    • Key Concepts
  • Build a Grant Kit
    • Get a Starter Kit
    • Connect a Repo
    • Create a Grant Kit
    • Link Identities
    • Write Access Policies
    • Deploy Your Grant Kit
    • Request Access
    • Approve or Deny Access Requests
  • Use Cases
    • Time-Based Access
      • Expire After a Duration
      • Expire At a Specific Time
    • Approval Workflows
      • Using a Single Approval Step
      • Using Multiple Approval Steps
      • Conditionally Skip Approval Steps
  • Admin
    • User Roles
    • Sign-in and MFA
      • Sign-in Methods
      • Multifactor Authentication (MFA)
      • Enabling Single Sign-On
    • Sources
      • PagerDuty
      • Directory Sync
    • End User Notifications
    • Manage API Tokens
  • Reference
    • Grant Kits
      • Workflows
      • Policies
      • Outputs
    • Referencing Users and Groups
    • Linking Application Identities into Abbey
      • Why do I need to link application identities?
      • How do I Link Application Identities?
      • Supported Application Identity Types and Schemas
      • Application Data Object
    • Access Policies
      • Types of Access Policies
      • Policy Bundles
      • Inline Policies
      • Helper Functions
      • Policy Examples
    • Terms of Service
    • FAQ
      • Troubleshooting
  • Resources
    • Abbey Labs
    • Terraform Registry
    • GitHub
    • System Status
    • Privacy Policy
    • Logo
Powered by GitBook
On this page
  • Before you start
  • Step 1: Clone this Repo
  • Step 2: Configure GitHub
  • Enable VCS Integration on Terraform Cloud
  • Step 3: Configure Your Grant Kit
  • Configure Output
  • Configure Reviewers
  • Update Terraform Cloud Backend Configuration
  • Step 4: Deploy Your Starter Kit
  • Step 5: Make a Request
  • Step 6: Approve the Request
  • Step 7: Access the Demo Site
  • Revoke Access
  • Next Steps
  1. Getting Started
  2. Step-by-Step Tutorials

Integrating Abbey with Terraform Cloud

PreviousVault: Managing Access to Groups and PoliciesNextUsing Abbey with Atlantis

Last updated 1 year ago

In this Quickstart, you'll learn how to set up and use Abbey using .

Abbey helps you manage the workflows for access requests and approvals, making it easier for people to get access to .

We allow engineers to integrate these workflows directly into the Infrastructure provisioning process. Since you are already using an Infrastructure as Code (IaC) tool like Terraform, Abbey extends your IaC deployment through a .

A resource can be a production database or a cloud IAM role. In this Quickstart we will use the Abbey Demo Site as a resource example.

--> Go to

Whoops, looks like you don't have access. Let's fix this and get you access.

Before you start

  1. Create an

  2. Log into your account

  3. Log into your account

Step 1: Clone this Repo

Clone into your local development environment by following the instructions in Get a Starter Kit.

Step 2: Configure GitHub

Follow the instructions in Connect a Repo to connect Abbey to your GitHub account.

Enable VCS Integration on Terraform Cloud

  2. Click New > Workspace

  3. In Choose Type, choose Version control workflow

  4. In Connect to VCS, choose GitHub

  5. In Choose a repository, choose the quickstart repo you created in Step 1

  6. In Configure settings > Advanced opitons,

    • Under Apply Method, choose Auto Apply

    • Under VCS Triggers, choose Always trigger runs

    • Under Pull Requests, toggle on Automatic speculative plans

  7. Click Create workspace

  8. Configure abbey_token Terraform variable

Step 3: Configure Your Grant Kit

Configure Output

Grant Kits rely on your GitHub account and repository name to output access changes, which we'll set through Terraform local variables. Update the locals block in main.tf with your account_name and repo_name

main.tf
 locals {
  account_name = "" #CHANGEME
  repo_name = "" #CHANGEME
  ...
}

Configure Reviewers

Workflow defines who should approve an access request.

Let's update the reviewers block by adding yourself as the reviewer by switching replace-me@example.com with the email address you use to sign into Abbey.

main.tf
 resource "abbey_grant_kit" "..." {
   ...
   workflow = {
     steps = [
       {
         reviewers = {
-          one_of = ["replace-me@example.com"] # CHANGEME
+          one_of = ["alice@example.com"]

Update Terraform Cloud Backend Configuration

backend.tf
 terraform {
   cloud {
-    organization = "replace-me-with-organization" # CHANGEME
+    organization = "my-terraform-org" # Use your own organization name
     workspaces {
-      name = "replace-me-with-workspace" # CHANGEME
+      name = "my-terraform-workspace" # Use your own workspace name here
     }
   }

Step 4: Deploy Your Starter Kit

To deploy your Starter Kit, push to your main branch:

git push origin main

The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."

Step 5: Make a Request

Since all changes are backed by Git, you will see a PR get created in your repo with comments that outline the requested change in permissions.

Step 6: Approve the Request

You'll see that the PR in GitHub was merged within a few minutes.

Step 7: Access the Demo Site

Revoke Access

Next Steps

To learn more about what Resources you can configure, try one of our Step-by-Step Tutorials.

Go to 's Projects & workspaces to and connect it with the quickstart GitHub repository.

Go to 's Projects & workspaces

Find your API Token from the page from your side navigation in the Abbey App.

Update inside terraform block with your Terraform organization and workspace names.

Visit the Abbey web application, click on , and click Request next to the Demo resource. There are detailed instructions in Request Access doc.

To make things simple, we have configured the grant kit so that you are your own Approver. Click the tab and click Approve. See Approve or Deny Access Requests for detailed instructions.

Now let's go back to the .

Congrats! You should now have access.

Once your 5 minutes is up, your access is automatically revoked. In your repo's Pull requests history, you can find a closed PR with the title "Revoking access to Abbey_demo from ...", and you will no longer be able to access the .

🎉
🎉
Terraform Cloud
create a new Workspace
Terraform Cloud
Settings > API Tokens
Terraform Cloud Configuration
Resources
Approvals
Abbey Demo Site
Abbey Demo Site
⚒️
Terraform Cloud
Grant Kit
Abbey Demo Site
Abbey Account
Terraform Cloud
GitHub
abbeylabs/abbey-starter-kit-terraform-cloud
Resources
Page cover image