Abbey Docs
  • 👋Welcome
  • Getting Started
    • Quickstart
    • Step-by-Step Tutorials
      • AWS: Managing Access to Identity Center Groups
      • AWS: Managing Access to Identity Center Permission Sets
      • AWS: Managing Access to IAM Groups
      • Azure AD: Managing Access to Groups
      • Confluent: Managing Access to Kafka ACLs
      • Databricks: Managing Access to Managed Tables in Unity Catalog
      • Databricks: Managing Access to Groups
      • GitHub: Managing Access to Teams
      • Google Cloud: Managing Access to Groups
      • Google Workspace: Managing Access to Google Groups
      • Kafka: Managing Access to ACLs
      • Okta: Managing Access to Groups
      • Postgres: Managing Access to Roles
      • Snowflake: Managing Access to Tables
      • Tabular: Managing Access to Apache Iceberg Roles
      • Tailscale: Managing Access to ACLs
      • Vault: Managing Access to Groups and Policies
      • Integrating Abbey with Terraform Cloud
      • Using Abbey with Atlantis
      • Using Abbey with Spacelift
    • Starter Kits
  • How Abbey Works
    • How Abbey Works
    • Key Concepts
  • Build a Grant Kit
    • Get a Starter Kit
    • Connect a Repo
    • Create a Grant Kit
    • Link Identities
    • Write Access Policies
    • Deploy Your Grant Kit
    • Request Access
    • Approve or Deny Access Requests
  • Use Cases
    • Time-Based Access
      • Expire After a Duration
      • Expire At a Specific Time
    • Approval Workflows
      • Using a Single Approval Step
      • Using Multiple Approval Steps
      • Conditionally Skip Approval Steps
  • Admin
    • User Roles
    • Sign-in and MFA
      • Sign-in Methods
      • Multifactor Authentication (MFA)
      • Enabling Single Sign-On
    • Sources
      • PagerDuty
      • Directory Sync
    • End User Notifications
    • Manage API Tokens
  • Reference
    • Grant Kits
      • Workflows
      • Policies
      • Outputs
    • Referencing Users and Groups
    • Linking Application Identities into Abbey
      • Why do I need to link application identities?
      • How do I Link Application Identities?
      • Supported Application Identity Types and Schemas
      • Application Data Object
    • Access Policies
      • Types of Access Policies
      • Policy Bundles
      • Inline Policies
      • Helper Functions
      • Policy Examples
    • Terms of Service
    • FAQ
      • Troubleshooting
  • Resources
    • Abbey Labs
    • Terraform Registry
    • GitHub
    • System Status
    • Privacy Policy
    • Logo
Powered by GitBook
On this page
  • Common Issues
  • I've created a Grant Kit but it's not showing up in the web UI
  • When I make a request to a Resource it fails
  • I've made a successful request to a Resource but I'm not seeing it appear under Approvals
  • My Policy is not taking effect
  • I've made a successful request to a Resource but it immediately gets denied, and I don't have a policy rejecting my request
  1. Reference
  2. FAQ

Troubleshooting

PreviousFAQNextPrivacy Policy

Last updated 3 months ago

Common Issues

GitHub Action failing due to Terraform issues

  • Duplicate Resource Name

    • You may have configured your output with a static name, such that multiple users will result in a resource with the same resource name.

      -> Configure a dynamic resource name using string interpolation. Examples can be seen in

    • The resource may be defined in a different terraform file. This commonly happens when people are testing multiple starter kits. You can fix this by renaming one of the resources.

  • Bad Grant Kit Name

    • Grant kit names must start with a letter or underscore, and may contain only letters, digits, underscores, and dashes.

  • Grant Kit Already Exists

    • Names must be unique across all of your grant kits.

  • Abbey Identity Not Found

    • Your Abbey Identity is the email you used to sign up for Abbey including the domain. Check that the email specified is the same as that value.

  • API Error

    • Please contact us for further support. You can find us on our .

  • Request Denied Due to Unable to add Approver Check

    • This may happen if you have not granted the Abbey GitHub App the correct permissions. Check that there isn't a permissions request at Settings -> GitHub Apps -> Abbey Labs

  • Request Denied Due to Failing Check

    • This can happen when the output of your grant kit has issues when trying to run terraform plan. Inspect the error log in the GitHub actions run for your PR for details.

Other Common errors

  • ABBEY_TOKEN or another API Token is missing from your GitHub Secrets.

  • GitHub may not have permissions to write to PRs.

  • You are missing a Connection to GitHub or that connection is missing access permissions to your repo.

    -> See Connect a Repofor instructions.

  • Error refreshing state: HTTP remote state endpoint requires auth

    • Double check that your Abbey API token is not expired! If it's expired, you'll need to create a new one.

I've created a Grant Kit but it's not showing up in the web UI

Please make sure that the Materialize GitHub Action has succeeded. To check this, go to your repository containing the grant kit and click on Actions -> Abbey Grant Kit Materialize. If the Action has failed, inspect the log for further debugging.

Common causes of failure are:

  • Your terraform file is misconfigured. Some possible causes and solutions are listed in Common Issues

When I make a request to a Resource it fails

A request may fail for many reasons. Some common reasons are:

  • You have misspelled the name of the organization or repo when defining the output location. -> Check that you have correctly specified your repo correctly.

  • You are missing a Connection to GitHub for the repo where you want to store access.tf.

    -> See Connect a Repo for instructions above for how to create a Connection.

I've made a successful request to a Resource but I'm not seeing it appear under Approvals

Please make sure that the Generate Policy Input GitHub Action has succeeded. To check this, go to your repository containing the grant kit and click on Actions -> Abbey Grant Kit Generate Policy Input. If the Action has failed, inspect the log for further debugging. See Common Issuesfor examples of failures and their solutions.

My Policy is not taking effect

Common reasons to have a failing policy

  • The policy must be in the same repo as your output. Check to make sure that this is the case.

  • Policy is incorrectly defined. See Policiesfor how to configure a policy.

I've made a successful request to a Resource but it immediately gets denied, and I don't have a policy rejecting my request

Please make sure that the Generate Policy Input GitHub Action has succeeded. If this Policy Fails, the request will be denied. To check this, go to your repository containing the grant kit and click on Actions -> Abbey Grant Kit Generate Policy Input. If the Action has failed, inspect the log for further debugging. See Common Issuesfor examples of failures and their solutions.

-> See the for instructions.

-> See for instructions.

Quickstart
Slack
#grant-workflow-permissions
Optionally Interpolate Variables