Temporary elevated access for Amazon Web Services accounts - Amazon IAM Identity Center

Temporary elevated access for Amazon Web Services accounts

All access to your Amazon Web Services account involves some level of privilege. Sensitive operations, such as changing the configuration for a production environment, require special treatment due to scope and potential impact. Temporary elevated access (also known as just-in-time access) is a way to request, approve, and track the use of a permission to perform a specific task during a specified time. Temporary elevated access supplements other forms of access control, such as permission sets and multi-factor authentication.

Note

To ensure business continuity, we recommend that you set up emergency access to the Amazon Web Services Management Console.

To address a range of customers' needs, Amazon IAM Identity Center integrates with the solutions from Amazon Security Competency partners. Amazon validates that these solutions address a common set of temporary elevated access requirements. We recommend that you review each partner solution carefully so that you can choose one that best fits your unique needs and preferences, including your business, the architecture of your cloud environment, and your budget.

Validated solutions include Apono Access Management Platform, CyberArk Secure Cloud Access, Okta Access Requests, and Tenable (previously Ermetic).

Partners can nominate solutions using the Amazon Security Competency application in Partner Center. For more information, see Amazon Security Competency Partners.

Note

If you are using resource-based policies, Amazon Elastic Kubernetes Service, or Amazon Key Management Service, see Referencing permission sets in resource policies, Amazon EKS Cluster config maps, and Amazon KMS key policies before you choose your just-in-time solution.