diff --git a/README.md b/README.md
index 7f9dbbe..5ae041b 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,13 @@
 # repo-access
 
 A demo using the GitHub terraform provider to manage access to repos within an org
+
+## Usage
+
+Valid Permissions:
+
+- `pull` (read) default
+- `triage`
+- `push` (write)
+- `maintain`
+- `admin`
diff --git a/repos/repo-1.yaml b/repos/repo-1.yaml
new file mode 100644
index 0000000..b64cbc8
--- /dev/null
+++ b/repos/repo-1.yaml
@@ -0,0 +1,2 @@
+- team: engineers
+ permission: pull
diff --git a/repos/repo-2.yaml b/repos/repo-2.yaml
new file mode 100644
index 0000000..cf9c740
--- /dev/null
+++ b/repos/repo-2.yaml
@@ -0,0 +1,4 @@
+- team: engineers
+ permission: pull
+- team: admins
+ permission: admin
diff --git a/terraform/main.tf b/terraform/main.tf
new file mode 100644
index 0000000..f1e1921
--- /dev/null
+++ b/terraform/main.tf
@@ -0,0 +1,16 @@
+locals {
+ repos = { for f in fileset(path.module, "../repos/**.yaml") :
+ trimsuffix(basename(f), ".yaml") => [
+ for entry in yamldecode(file(f)) :
+ merge(entry, { "repo_name" = trimsuffix(basename(f), ".yaml") })
+ ]
+ }
+}
+
+resource "github_team_repository" "repo_access" {
+ for_each = { for repo, teams in local.repos : repo => teams }
+
+ repository = each.value[0].repo_name
+ team_id = each.value[0].team
+ permission = each.value[0].permission
+}
diff --git a/terraform/repo-1.tf b/terraform/repo-1.tf
deleted file mode 100644
index 1e569d0..0000000
--- a/terraform/repo-1.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-resource "github_team_repository" "repo-1" {
- team_id = "engineers"
- repository = "repo-1"
- permission = "pull"
-}
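Review bot: In terraform/main.tf the `github_team_repository.repo_access` resource iterates once per repo and reads only `each.value[0]`, so any team listed after the first in a YAML file is never applied. As written, the `admins`/`admin` entry in repos/repo-2.yaml appears to produce no resource, so the access declared in the repo silently diverges from what is actually granted. Keying `for_each` on the repo/team pair gives every entry its own resource, and a removed entry then shows up as a destroy in the plan. The README marks `pull` as the default, but `each.value[0].permission` fails when the key is omitted, and `try(each.value.permission, "pull")` would match the documented behaviour. Since these YAML files now decide who gets `admin`, a `precondition` that limits `permission` to the documented list is worth considering.

```hcl
locals {
  # One element per (repo, team) entry instead of one list per repo.
  repo_access = flatten([
    for f in fileset(path.module, "../repos/**.yaml") : [
      for entry in yamldecode(file(f)) :
      merge(entry, { "repo_name" = trimsuffix(basename(f), ".yaml") })
    ]
  ])
}

resource "github_team_repository" "repo_access" {
  # Key on repo/team so each grant is tracked as its own resource.
  for_each = { for a in local.repo_access : "${a.repo_name}/${a.team}" => a }

  repository = each.value.repo_name
  team_id    = each.value.team
  permission = try(each.value.permission, "pull")
}
```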