Requesting Access
Request temporary elevated access to AWS accounts through the JITSudo web UI or API.
Creating a Request via the Web UI
Section titled “Creating a Request via the Web UI”- Navigate to New Request
- Select the target AWS account from discovered resources
- Choose a permission set (e.g., PowerUserAccess, AdministratorAccess)
- Set the duration for how long you need access (in seconds)
- Add a justification explaining why access is needed
- Submit the request
Creating a Request via the API
Section titled “Creating a Request via the API”curl -X POST https://jitsudo.example.com/v1/requests \ -H "Authorization: Bearer <jwt>" \ -H "X-Tenant-ID: <tenant-uuid>" \ -H "Content-Type: application/json" \ -d '{ "resource_type": "aws_account", "resource_id": "123456789012", "permission_set_arn": "arn:aws:sso:::permissionSet/ssoins-xxx/ps-xxx", "duration_seconds": 14400, "justification": "Investigating production incident INC-1234" }'Request States
Section titled “Request States”| State | Description |
|---|---|
| pending | Awaiting policy evaluation or manual approval |
| approved | Request approved, grant being provisioned |
| denied | Request denied by policy or reviewer |
| expired | Approval timeout reached without a decision |
| cancelled | Request cancelled by the requester |
Break-Glass Access
Section titled “Break-Glass Access”For emergency scenarios, requests can be flagged as break-glass. These bypass normal approval workflows based on policy configuration, providing immediate access while still maintaining a full audit trail.
What Happens After Approval
Section titled “What Happens After Approval”Once approved, JITSudo creates a grant and the worker provisions an AWS Identity Center account assignment. You can access the target account through the AWS SSO portal within moments.