Access Governance
via Terraform
The easiest way to add automated access request flows
to your existing Terraform resources.
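# Grant kit for a requestable, read-only role over Snowflake PII datasets.
# It declares who reviews a request, which policy bundles apply, and what
# Terraform is written (and where) for a grant.
resource "abbey_grant_kit" "eng_readonly_role" {
  name        = "Eng_ReadOnly_Role"
  description = "Read-only role for Snowflake PII Datasets"

  # Approval workflow: one step, reviewed by `one_of` the listed addresses.
  # NOTE(review): presumably a single listed reviewer can approve alone. For a
  # PII role, confirm that a requester who is also a reviewer cannot approve
  # their own request, and that both addresses are still valid owners.
  workflow = {
    steps = [
      { reviewers = { one_of = ["alice@acme.com", "bob@acme.com"] } }
    ]
  }

  # Policy bundles are loaded from paths in the acme-inc/infra repository, so
  # write access to those paths is effectively write access to the access
  # policy; protect them with required reviews on that repository.
  # NOTE(review): the second bundle's name suggests revocation after 24 hours;
  # verify this against the bundle contents rather than the name.
  policies = [
    { bundle = "github://acme-inc/infra/policies/soc2" },
    { bundle = "github://acme-inc/infra/policies/auto-revoke-24h" }
  ]

  output = {
    # File in the same repository that receives the generated grant.
    location = "github://acme-inc/infra/access.tf"

    # Template appended to `location`. The requester's Snowflake identity email
    # is substituted into a quoted HCL string.
    # NOTE(review): confirm the identity value comes from a trusted identity
    # source and cannot contain quotes or newlines, since it ends up inside
    # Terraform code that is later applied.
    append = <<-EOT
      resource "snowflake_role_grants" "eng_readonly" {
        role_name = data.snowflake_role.eng.name
        users = ["{{ .data.system.abbey.identities.snowflake.email }}"]
      }
    EOT
  }
}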