Connect with atSpoke on AWS via Terraform


Prerequisites

  • Step 1: Create Indent Space

    • Create a space: indent.com/spaces/new

    • Step 1.2: Add others to Indent and upgrade your role

      • On the manage space page, click "Invite" (FYI: this currently does not email the invitees)
      • Add anyone who needs any kind of access as "Viewer"
      • Add anyone else on your team who'll need to request on others' behalf or may need to edit policies as "Editor" (they will still need "Viewer" too)
      • Grant yourself or whoever is completing the other steps "Creator" role


  • Step 3: Connect Slack to Indent

    • Go to the Connect to Slack page: https://indent.com/catalog/slack/start
    • Click Add to Slack, select the test Slack workspace and then select the right Indent space
    • Then you'll land on the App page
    • Expand the Webhook section and keep the Webhook Secret around for Step 5
    • Add @Indent to #access-requests channel (Important!)

  • Step 4: Prepare atSpoke

    • Create a new User with an easily identifiable name like "Indent Bot"

      • Use a Google Group or shared inbox as the email
    • Go to Profile → API → API token (tab) then "Generate a token"


  • Step 5: Create and setup your webhook

curl https://codeload.github.com/indentapis/indent-js/tar.gz/master | \
  tar -xz --strip=2 indent-js-master/examples/terraform-aws-atspoke-webhook && \
  mv terraform-aws-atspoke-webhook myapp-terraform-aws-atspoke-webhook

  • Now install the dependencies...

npm run deploy:init # initializes the Terraform AWS provider with ~/.aws/config
npm run deploy:prepare # builds AWS Lambda layers

  • Add the environment variables...

mv terraform/config/example.tfvars terraform/config/terraform.tfvars

# terraform/config/terraform.tfvars
# Indent Webhook Secret is used to verify messages from Indent
indent_webhook_secret = "<from-step-3>"
# Indent Space Name is used to link to the right space on Indent
indent_space_name = "my-space-123"
# atSpoke API Key is used to authorize requests to your atSpoke environment
atspoke_api_key = "<from-step-4>"

# plan and apply the deployment
npm run tf:plan
npm run tf:apply

# or if you want to auto-approve deploy
npm run deploy:all

  • Once it's deployed, copy the URL from the endpoints and add it to the App

  • Step 6: Add Rules to Indent

    • Add kinds of resources (for Okta: okta.v1.group)
    • Add resource IDs, or leave blank for all
    • Add approvers (individuals who can approve) and, optionally, recipients (public or private channels)
🎉 🎉 🎉 🎉 🎉 Great Job! 🎉 🎉 🎉 🎉 🎉
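
A pre-deploy check for the terraform.tfvars file from Step 5, added here as an example and not part of the Indent example project. It fails when a value is empty or still holds a "<from-step-" placeholder, when the file is accessible to group or other, or when the file is tracked by git. The function name check_tfvars and the choice of checks are assumptions; the three variable names are the ones shown in Step 5.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the Indent repo):
# validate the secrets file from Step 5 before running tf:plan / tf:apply.

check_tfvars() {
  file=$1
  rc=0
  [ -f "$file" ] || { echo "FAIL: $file not found" >&2; return 2; }

  # Characters 5-10 of the ls mode string are the group/other bits;
  # a file holding API keys should have all of them cleared (chmod 600).
  mode=$(ls -ld "$file" | cut -c5-10)
  if [ "$mode" != "------" ]; then
    echo "FAIL: $file is accessible to group/other (chmod 600 it)" >&2
    rc=1
  fi

  for key in indent_webhook_secret indent_space_name atspoke_api_key; do
    # Last uncommented assignment of the key, with the quotes stripped.
    val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$file" | tail -n 1)
    case $val in
      '')
        echo "FAIL: $key is missing or empty" >&2; rc=1 ;;
      '<from-step'*)
        echo "FAIL: $key still holds the example placeholder" >&2; rc=1 ;;
    esac
  done

  # A tfvars file with real secrets should never be committed.
  dir=$(dirname "$file")
  base=$(basename "$file")
  if command -v git >/dev/null 2>&1 &&
     git -C "$dir" ls-files --error-unmatch "$base" >/dev/null 2>&1; then
    echo "FAIL: $file is tracked by git" >&2
    rc=1
  fi

  return "$rc"
}
```

Run it as `check_tfvars terraform/config/terraform.tfvars && npm run tf:plan` so a failed check stops the deploy.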