Temporary elevated access for Amazon Web Services accounts
All access to your Amazon Web Services account involves some level of privilege. Sensitive operations, such as changing the configuration for a production environment, require special treatment due to scope and potential impact. Temporary elevated access (also known as just-in-time access) is a way to request, approve, and track the use of a permission to perform a specific task during a specified time. Temporary elevated access supplements other forms of access control, such as permission sets and multi-factor authentication.
Note
To ensure business continuity, we recommend that you set up emergency access to the Amazon Web Services Management Console
To address a range of customers' needs, Amazon IAM Identity Center integrates with the solutions from Amazon Security Competency partners. Amazon validates that these solutions address a common set of temporary elevated access requirements. We recommend that you review each partner solution carefully so that you can choose one that best fits your unique needs and preferences, including your business, the architecture of your cloud environment, and your budget.
Validated solutions include Apono Access Management Platform
Partners can nominate solutions using the Amazon Security Competency application in Partner Center. For more information, see Amazon Security Competency Partners
Note
If you are using resource-based, Amazon Elastic Kubernetes Service or Amazon Key Management Service, see Referencing permission sets in resource policies, Amazon EKS Cluster config maps, and Amazon KMS key policies