# Integrating Abbey with Terraform Cloud

In this Quickstart, you'll learn how to set up and use Abbey using [Terraform Cloud](https://developer.hashicorp.com/terraform/cloud-docs).

Abbey helps you manage the workflows for access requests and approvals, making it easier for people to get access to [Resources](https://docs.abbey.io/how-abbey-works/concepts#resources).

We allow engineers to integrate these workflows directly into the Infrastructure provisioning process. Since you are already using an Infrastructure as Code (IaC) tool like Terraform, Abbey extends your IaC deployment through a [Grant Kit](https://docs.abbey.io/reference/grant-kits).

A resource can be a production database or a cloud IAM role. In this Quickstart we will use the **Abbey Demo Site** as a resource example.

\--> Go to [Abbey Demo Site](https://app.abbey.io/demo)

Whoops, looks like you don't have access. Let's fix this and get you access. :hammer\_pick:

## Before you start

1. Create an [Abbey Account](https://accounts.abbey.io/sign-up)
2. Log into your [Terraform Cloud](https://app.terraform.io) account
3. Log into your [GitHub](https://github.com/) account

## Step 1: Clone this Repo

Clone [abbeylabs/abbey-starter-kit-terraform-cloud](https://github.com/abbeylabs/abbey-starter-kit-terraform-cloud) into your local development environment by following the instructions in [get-a-starter-kit](https://docs.abbey.io/build-a-grant-kit/get-a-starter-kit "mention").

## Step 2: Configure GitHub

Follow the instructions in [connect-a-repo](https://docs.abbey.io/build-a-grant-kit/connect-a-repo "mention") to connect Abbey to your GitHub account.

### Enable VCS Integration on Terraform Cloud

Go to [Terraform Cloud](https://app.terraform.io/)'s **Projects & workspaces** to [create a new Workspace](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/creating#create-a-workspace) and connect it with the quickstart GitHub repository.

1. Go to [Terraform Cloud](https://app.terraform.io/)'s **Projects & workspaces**
2. Click New > Workspace
3. In **Choose Type**, choose **Version control workflow**
4. In **Connect to VCS**, choose **GitHub**
5. In **Choose a repository**, choose the quickstart repo you created in **Step 1**
6. In **Configure settings** > Advanced opitons,
   * Under **Apply Method**, choose **Auto Apply**
   * Under **VCS Triggers**, choose **Always trigger runs**
   * Under **Pull Requests**, toggle on **Automatic speculative plans**
7. Click **Create workspace**
8. Configure `abbey_token` Terraform variable
   * Find your API Token from the [**Settings > API Tokens**](https://app.abbey.io/settings/developers) page from your side navigation in the Abbey App.

## Step 3: Configure Your Grant Kit

### Configure Output

Grant Kits rely on your GitHub account and repository name to output access changes, which we'll set through Terraform local variables. Update the `locals` block in `main.tf` with your `account_name` and `repo_name`

{% code title="main.tf" %}

```hcl
 locals {
  account_name = "" #CHANGEME
  repo_name = "" #CHANGEME
  ...
}
```

{% endcode %}

### Configure Reviewers

Workflow defines who should approve an access request.&#x20;

Let's update the `reviewers` block by adding yourself as the reviewer by switching `replace-me@example.com` with the email address you use to sign into Abbey.&#x20;

{% code title="main.tf" %}

```diff
 resource "abbey_grant_kit" "..." {
   ...
   workflow = {
     steps = [
       {
         reviewers = {
-          one_of = ["replace-me@example.com"] # CHANGEME
+          one_of = ["alice@example.com"]
```

{% endcode %}

### Update Terraform Cloud Backend Configuration

Update [Terraform Cloud Configuration](https://developer.hashicorp.com/terraform/language/settings/terraform-cloud) inside `terraform` block with your Terraform organization and workspace names.

{% code title="backend.tf" lineNumbers="true" %}

```diff
 terraform {
   cloud {
-    organization = "replace-me-with-organization" # CHANGEME
+    organization = "my-terraform-org" # Use your own organization name
     workspaces {
-      name = "replace-me-with-workspace" # CHANGEME
+      name = "my-terraform-workspace" # Use your own workspace name here
     }
   }
```

{% endcode %}

## Step 4: Deploy Your Starter Kit

To deploy your Starter Kit, push to your `main` branch:

```sh
git push origin main
```

{% hint style="info" %}
The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."
{% endhint %}

## Step 5: Make a Request

Visit the Abbey web application, click on [Resources](https://app.abbey.io/resources), and click Request next to the Demo resource. There are detailed instructions in [requesting-access](https://docs.abbey.io/build-a-grant-kit/requesting-access "mention") doc.

Since all changes are backed by Git, you will see a PR get created in your repo with comments that outline the requested change in permissions.

## Step 6: Approve the Request

To make things simple, we have configured the grant kit so that you are your own Approver. Click the [Approvals](https://app.abbey.io/approvals) tab and click Approve. See [approving-or-denying-access-requests](https://docs.abbey.io/build-a-grant-kit/approving-or-denying-access-requests "mention") for detailed instructions.

You'll see that the PR in GitHub was merged within a few minutes.

## Step 7: Access the Demo Site

Now let's go back to the [Abbey Demo Site](https://app.abbey.io/demo).

:tada: Congrats! You should now have access. :tada:

### Revoke Access

Once your 5 minutes is up, your access is automatically revoked. In your repo's Pull requests history, you can find a closed PR with the title "**Revoking access to Abbey\_demo from ...**", and you will no longer be able to access the [Abbey Demo Site](https://app.abbey.io/demo).

## Next Steps

To learn more about what [resources](https://docs.abbey.io/resources "mention") you can configure, try one of our [](https://docs.abbey.io/getting-started/tutorials "mention").