Using Abbey with Spacelift

In this tutorial, you'll learn how to use Abbey with Spacelift.

Abbey helps you manage the workflows for access requests and approvals, making it easier for people to get access to Resources.

Spacelift is a sophisticated CI/CD platform for OpenTofu, Terraform, and Terragrunt.

By using Abbey and Spacelift together, you can:

1. Scalably manage your infrastructure access.

2. Securely manage your Terraform state.

3. Easily and securely manage your secrets.

Before you start

1. Create an Abbey account.

2. Have a Spacelift account.

3. Have a GitHub account.

Spacelift Setup

Setting up Spacelift contains 3 steps:

1. Connect a GitHub repo to your Spacelift account

2. Create a Stack on Spacelift

3. Add your Abbey Token in Spacelift

Connect a GitHub repo to your Spacelift account

To get started, we need to add your GitHub repo containing your Terraform files for your Abbey Terraform Resources.

Navigate to Spacelift Organization Settings

Go to your Spacelift account and navigate to your Organization Settings.

Navigate to Source Code Settings

On the left side panel, navigate to Source Code under OTHER, then click on SET UP in the GitHub (custom App) section.

Use the wizard to configure GitHub

Follow the prompts. You'll be asked to select GitHub.com or a Self-hosted installation, followed by Personal or Organization, and then to confirm to be redirected to GitHub to create your Spacelift GitHub App.

Create Spacelift GitHub App

Use the default name supplied by Spacelift and click on Create GitHub App

Once created, you'll be redirected back to Spacelift.

Navigate to GitHub Developer Settings

You're not done yet! Now you'll need to go to GitHub and navigate to Developer Settings to install your newly-created Spacelift GitHub App.

Edit Spacelift GitHub App

Click on Edit next to your Spacelift GitHub App.

Install Spacelift GitHub App

Click on Install to install your App.

Select your repo

This is where you get to scope down the app's permissions. Select the repo containing your Terraform files for your Abbey Terraform Resources.

Once you install the app, you'll be redirected back to Spacelift.

Create a Stack on Spacelift

Now you can create a Stack. You will need a Stack to connect your source control and manage your Terraform state.

Create Stack

Click on Create Stack on the top right.

Add Stack details

Integrate VCS

From here, you can choose to go through the rest of the Spacelift screens or simply click on Skip to summary.

Review Summary

Review your choices and then click on Create Stack.

Add your Abbey Token in Spacelift

Now that you have your GitHub repo connected to Spacelift and your Stack created, you'll need to add your Abbey Token as a secret in Spacelift.

Navigate to your Stack's Environment

Click on your Stack, then click on the Environment tab near the top.

Add your Abbey Token secret

Click on Edit, then fill in your TF_VAR_abbey_token with your Abbey Token from the Abbey App. Now click on Done on the top right.

That's it! Congrats, you have now set up Abbey with Spacelift!

When your users request access to resources in Abbey, a Pull Request will be created on GitHub. Once all policy and workflow checks pass, reviewers will be notified to approve or deny the request. Upon approval, Abbey will merge the Pull Request, followed by Spacelift performing a plan. If you have auto-deploy configured in Spacelift, it will then run an apply, otherwise you can review a final time and manually apply via the Spacelift UI.

If your resource has an auto revocation policy, then Abbey will automatically revoke access in which another Pull Request will be created and the same git-based flow will occur, this time undoing the previous access grant.

Next Steps

To learn more about what Resources you can configure, try one of our Step-by-Step Tutorials.