Abbey Docs
  • 👋Welcome
  • Getting Started
    • Quickstart
    • Step-by-Step Tutorials
      • AWS: Managing Access to Identity Center Groups
      • AWS: Managing Access to Identity Center Permission Sets
      • AWS: Managing Access to IAM Groups
      • Azure AD: Managing Access to Groups
      • Confluent: Managing Access to Kafka ACLs
      • Databricks: Managing Access to Managed Tables in Unity Catalog
      • Databricks: Managing Access to Groups
      • GitHub: Managing Access to Teams
      • Google Cloud: Managing Access to Groups
      • Google Workspace: Managing Access to Google Groups
      • Kafka: Managing Access to ACLs
      • Okta: Managing Access to Groups
      • Postgres: Managing Access to Roles
      • Snowflake: Managing Access to Tables
      • Tabular: Managing Access to Apache Iceberg Roles
      • Tailscale: Managing Access to ACLs
      • Vault: Managing Access to Groups and Policies
      • Integrating Abbey with Terraform Cloud
      • Using Abbey with Atlantis
      • Using Abbey with Spacelift
    • Starter Kits
  • How Abbey Works
    • How Abbey Works
    • Key Concepts
  • Build a Grant Kit
    • Get a Starter Kit
    • Connect a Repo
    • Create a Grant Kit
    • Link Identities
    • Write Access Policies
    • Deploy Your Grant Kit
    • Request Access
    • Approve or Deny Access Requests
  • Use Cases
    • Time-Based Access
      • Expire After a Duration
      • Expire At a Specific Time
    • Approval Workflows
      • Using a Single Approval Step
      • Using Multiple Approval Steps
      • Conditionally Skip Approval Steps
  • Admin
    • User Roles
    • Sign-in and MFA
      • Sign-in Methods
      • Multifactor Authentication (MFA)
      • Enabling Single Sign-On
    • Sources
      • PagerDuty
      • Directory Sync
    • End User Notifications
    • Manage API Tokens
  • Reference
    • Grant Kits
      • Workflows
      • Policies
      • Outputs
    • Referencing Users and Groups
    • Linking Application Identities into Abbey
      • Why do I need to link application identities?
      • How do I Link Application Identities?
      • Supported Application Identity Types and Schemas
      • Application Data Object
    • Access Policies
      • Types of Access Policies
      • Policy Bundles
      • Inline Policies
      • Helper Functions
      • Policy Examples
    • Terms of Service
    • FAQ
      • Troubleshooting
  • Resources
    • Abbey Labs
    • Terraform Registry
    • GitHub
    • System Status
    • Privacy Policy
    • Logo
Powered by GitBook
On this page
  • Before you start
  • Spacelift Setup
  • Connect a GitHub repo to your Spacelift account
  • Navigate to Spacelift Organization Settings
  • Navigate to Source Code Settings
  • Use the wizard to configure GitHub
  • Create Spacelift GitHub App
  • Navigate to GitHub Developer Settings
  • Edit Spacelift GitHub App
  • Install Spacelift GitHub App
  • Select your repo
  • Create a Stack on Spacelift
  • Create Stack
  • Add Stack details
  • Integrate VCS
  • Review Summary
  • Add your Abbey Token in Spacelift
  • Navigate to your Stack's Environment
  • Add your Abbey Token secret
  • Wrap up
  • Next Steps
  1. Getting Started
  2. Step-by-Step Tutorials

Using Abbey with Spacelift

PreviousUsing Abbey with AtlantisNextHow Abbey Works

Last updated 1 year ago

Estimated time: ~5 minutes

In this tutorial, you'll learn how to use Abbey with .

Abbey helps you manage the workflows for access requests and approvals, making it easier for people to get access to .

Spacelift is a sophisticated CI/CD platform for OpenTofu, Terraform, and Terragrunt.

By using Abbey and Spacelift together, you can:

  1. Scalably manage your infrastructure access.

  2. Securely manage your Terraform state.

  3. Easily and securely manage your secrets.

Before you start

  1. Create an account.

  2. Have a account.

  3. Have a account.

Spacelift Setup

Setting up Spacelift contains 3 steps:

  1. Connect a GitHub repo to your Spacelift account

  2. Create a Stack on Spacelift

  3. Add your Abbey Token in Spacelift

Connect a GitHub repo to your Spacelift account

To get started, we need to add your GitHub repo containing your Terraform files for your Abbey Terraform Resources.

Navigate to Spacelift Organization Settings

Go to your Spacelift account and navigate to your Organization Settings.

Navigate to Source Code Settings

On the left side panel, navigate to Source Code under OTHER, then click on SET UP in the GitHub (custom App) section.

Use the wizard to configure GitHub

Follow the prompts. You'll be asked to select GitHub.com or a Self-hosted installation, followed by Personal or Organization, and then to confirm to be redirected to GitHub to create your Spacelift GitHub App.

Create Spacelift GitHub App

Use the default name supplied by Spacelift and click on Create GitHub App

Once created, you'll be redirected back to Spacelift.

Navigate to GitHub Developer Settings

You're not done yet! Now you'll need to go to GitHub and navigate to Developer Settings to install your newly-created Spacelift GitHub App.

Edit Spacelift GitHub App

Click on Edit next to your Spacelift GitHub App.

Install Spacelift GitHub App

Click on Install to install your App.

Select your repo

This is where you get to scope down the app's permissions. Select the repo containing your Terraform files for your Abbey Terraform Resources.

Once you install the app, you'll be redirected back to Spacelift.

Create a Stack on Spacelift

Create Stack

Click on Create Stack on the top right.

Add Stack details

Integrate VCS

From here, you can choose to go through the rest of the Spacelift screens or simply click on Skip to summary.

Review Summary

Review your choices and then click on Create Stack.

Add your Abbey Token in Spacelift

Now that you have your GitHub repo connected to Spacelift and your Stack created, you'll need to add your Abbey Token as a secret in Spacelift.

Navigate to your Stack's Environment

Click on your Stack, then click on the Environment tab near the top.

Add your Abbey Token secret

That's it! Congrats, you have now set up Abbey with Spacelift!

When your users request access to resources in Abbey, a Pull Request will be created on GitHub. Once all policy and workflow checks pass, reviewers will be notified to approve or deny the request. Upon approval, Abbey will merge the Pull Request, followed by Spacelift performing a plan. If you have auto-deploy configured in Spacelift, it will then run an apply, otherwise you can review a final time and manually apply via the Spacelift UI.

If your resource has an auto revocation policy, then Abbey will automatically revoke access in which another Pull Request will be created and the same git-based flow will occur, this time undoing the previous access grant.

Next Steps

To learn more about what Resources you can configure, try one of our Step-by-Step Tutorials.

If you don't have a GitHub repo with Abbey Terraform Resources, you can easily create one by following one of the .

Now you can create a . You will need a Stack to connect your source control and manage your Terraform state.

Click on Edit, then fill in your TF_VAR_abbey_token with your . Now click on Done on the top right.

Wrap up

🎉
Step-by-Step Tutorials
Stack
Abbey Token from the Abbey App
Spacelift
Abbey
Spacelift
GitHub
Resources
Page cover image