
Examples

Using curl to replicate what the Terraform provider will automate:

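# 1. Create a tenant
# ADMIN_KEY is read from the environment; the :? guard aborts the command
# instead of sending a request with an empty key.
# NOTE: the key is passed in curl's argument list, so it is visible in the
# local process list while the request runs; curl's -H @file form avoids that.
# -f makes curl fail on an HTTP error status and -S still prints the error,
# so an error response is never parsed as if it were a tenant object.
TENANT_ID=$(curl -fsS -X POST https://jitsudo.example.com/v1/tenants \
-H "X-API-Key: ${ADMIN_KEY:?ADMIN_KEY is not set}" \
-H "Content-Type: application/json" \
-d '{"name": "engineering", "aws_role_arn": "arn:aws:iam::123456789012:role/JITSudo"}' \
| jq -r '.id // empty')
# '.id // empty' yields an empty string rather than the literal "null" when
# the response has no id, so one emptiness test covers every failure mode.
# Without this check the following steps would run with the admin key but no
# usable tenant ID.
if [ -z "$TENANT_ID" ]; then
echo "tenant creation failed: no id in response" >&2
fi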
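# 2. Create an API key for the new tenant
# The :? guards stop the command when ADMIN_KEY or TENANT_ID is unset or
# empty. curl omits a header whose value is empty, so without the guard the
# request would go out with the admin key and no X-Tenant-ID header at all.
# NOTE(review): the response presumably contains the new key's secret value
# (confirm against the API reference); treat the output as a credential and
# keep it out of shared terminals, shell logs and CI output.
curl -X POST https://jitsudo.example.com/v1/api-keys \
-H "X-API-Key: ${ADMIN_KEY:?ADMIN_KEY is not set}" \
-H "X-Tenant-ID: ${TENANT_ID:?TENANT_ID is not set; run step 1 first}" \
-H "Content-Type: application/json" \
-d '{"name": "terraform-provider"}'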
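# 3. Create a policy rule: auto-approve dev access
# The :? guards stop the command when ADMIN_KEY or TENANT_ID is unset or
# empty, so the rule is never created outside the intended tenant.
# NOTE(review): as written the rule has "principal_scope_type": "any" with
# "approval_mode": "auto", which appears to grant request_access on account
# 123456789012 to every principal without a human approver, bounded only by
# the duration condition (14400 seconds = 4 hours). Confirm that this account
# holds nothing sensitive, or narrow the principal scope.
curl -X POST https://jitsudo.example.com/v1/policy-rules \
-H "X-API-Key: ${ADMIN_KEY:?ADMIN_KEY is not set}" \
-H "X-Tenant-ID: ${TENANT_ID:?TENANT_ID is not set; run step 1 first}" \
-H "Content-Type: application/json" \
-d '{
"name": "auto-approve-dev",
"effect": "permit",
"principal_scope_type": "any",
"action_scope_type": "eq",
"action_ids": ["request_access"],
"resource_scope_type": "eq",
"resource_entity_type": "AwsAccount",
"resource_entity_id": "123456789012",
"conditions": "context.duration_seconds <= 14400",
"approval_mode": "auto",
"priority": 100
}'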
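# 4. Create a Slack notification channel
# The :? guards stop the command when ADMIN_KEY or TENANT_ID is unset or
# empty, so the channel is never created outside the intended tenant.
# The webhook_url below is a placeholder. A real Slack incoming-webhook URL
# lets anyone who holds it post to the channel, so supply it from a secret
# store rather than committing it to a script or repository.
curl -X POST https://jitsudo.example.com/v1/notification-channels/slack-webhook \
-H "X-API-Key: ${ADMIN_KEY:?ADMIN_KEY is not set}" \
-H "X-Tenant-ID: ${TENANT_ID:?TENANT_ID is not set; run step 1 first}" \
-H "Content-Type: application/json" \
-d '{
"name": "team-notifications",
"webhook_url": "https://hooks.slack.com/services/T.../B.../xxx",
"event_filters": ["request.pending", "grant.active"]
}'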
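# Create a policy rule that requires approval for access to AWS account
# 987654321098 ("approval_mode": "require", "approval_timeout": "4h").
# This listing is separate from the tenant-creation steps, so ADMIN_KEY and
# TENANT_ID may not be set in the current shell; the :? guards stop the
# command in that case instead of sending the admin key with no tenant header.
# NOTE(review): this rule also uses "principal_scope_type": "any"; confirm
# how "priority" orders it against other rules in the tenant.
curl -X POST https://jitsudo.example.com/v1/policy-rules \
-H "X-API-Key: ${ADMIN_KEY:?ADMIN_KEY is not set}" \
-H "X-Tenant-ID: ${TENANT_ID:?TENANT_ID is not set}" \
-H "Content-Type: application/json" \
-d '{
"name": "prod-manual-review",
"effect": "permit",
"principal_scope_type": "any",
"action_scope_type": "eq",
"action_ids": ["request_access"],
"resource_scope_type": "eq",
"resource_entity_type": "AwsAccount",
"resource_entity_id": "987654321098",
"approval_mode": "require",
"approval_timeout": "4h",
"priority": 50
}'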