Inline Policies

Inline Policies are snippets of Rego which are defined inline with a grant kit. The Rego code is placed within the policies block inside of an Abbey grant kit. When an access request is made, our policy evaluation engine evaluates the access policy and makes sure the policy checks pass before granting requests to resources.

The following is an example of using an Inline Policy inside of an Abbey grant kit.

resource "abbey_grant_kit" "null_grant" {
  ...
  
  policies = [
    {
      query = <<-EOT
      package main
      
      import abbey.functions

      allow[msg] {
        expire_after("5m") # Expire the access after 5 minutes
        msg := "access allowed for null_grant" # Use any message you like.
      }
      EOT
    }
  ]

  ...
}