Just-in-time access management for AWS.
Request, approve, and provision temporary elevated access with policy-driven authorization,
full audit trails, and automatic expiration.
JITSudo eliminates standing privileges in AWS. Instead of granting permanent elevated access, users request temporary access to specific resources — with a justification, a time limit, and a full audit trail. Policies written in Cedar control who can access what, whether approval is required, and when access auto-expires.
How it works:
- A user requests access to an AWS account or permission set
- Cedar policies evaluate the request — auto-approve, require approval, or deny
- An approver reviews and approves (or the policy auto-approves)
- JITSudo provisions the IAM Identity Center assignment
- Access expires automatically after the granted duration
Key features:
- Policy-driven authorization — Cedar policies define who can access what, with fine-grained conditions
- Automatic expiration — grants expire after the requested duration, no manual cleanup
- Break-glass access — emergency bypass for incidents, fully audited
- Multi-tenant — manage multiple AWS organizations from a single deployment
- Full audit trail — every request, approval, grant, and revocation is logged
- Infrastructure as code — manage policies, users, and configuration via Terraform
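
The request flow listed under "How it works" can be sketched as a small state machine. This is an added example, not JITSudo's own code: `evaluate` is a hypothetical stand-in for Cedar policy evaluation with invented rules, and the `Request` and `Broker` names, the "ReadOnly" permission set and the no-self-approval rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Request:
    user: str
    permission_set: str
    justification: str
    duration: timedelta
    state: str = "pending"
    expires_at: "datetime | None" = None

def evaluate(req):
    """Hypothetical stand-in for Cedar evaluation; these rules are invented."""
    if not req.justification.strip() or req.duration > timedelta(hours=8):
        return "deny"
    if req.permission_set == "ReadOnly" and req.duration <= timedelta(hours=1):
        return "auto_approve"
    return "require_approval"

class Broker:
    def __init__(self):
        self.audit = []  # append-only (time, event, user, detail) records

    def _grant(self, req, now, approver):
        # Where the real system would create the IAM Identity Center assignment.
        req.state, req.expires_at = "active", now + req.duration
        self.audit.append((now, "granted", req.user, f"approver={approver}"))

    def submit(self, req, now):
        self.audit.append((now, "requested", req.user, req.justification))
        decision = evaluate(req)
        if decision == "auto_approve":
            self._grant(req, now, approver="policy")
        else:
            req.state = "denied" if decision == "deny" else "awaiting_approval"
            self.audit.append((now, req.state, req.user, decision))
        return req.state

    def approve(self, req, approver, now):
        # Assumed rule: only pending requests, and never by the requester.
        if req.state != "awaiting_approval" or approver == req.user:
            raise PermissionError("not approvable by this principal")
        self._grant(req, now, approver)

    def expire_due(self, requests, now):
        for req in requests:
            if req.state == "active" and now >= req.expires_at:
                req.state = "expired"
                self.audit.append((now, "revoked", req.user, "auto-expired"))
```

Time is passed in explicitly, so the expiry pass can be exercised with fixed timestamps, and every state change leaves a record in `audit`.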

| Repo | Description |
|---|---|
| jitsudo | Core platform — API server, worker, frontend |
| jitsudo-docs | Documentation site (docs.jitsudo.io) |
| terraform-provider-jitsudo | Terraform provider for managing JITSudo resources |

JITSudo is built in the open and we welcome contributions of all kinds — code, documentation, bug reports, feature ideas, and feedback.
- Found a bug? Open an issue in the relevant repo
- Have an idea? Request a feature
- Want to contribute? Read our Contributing Guide to get started
- Security concern? See our Security Policy for responsible disclosure
Whether you're fixing a typo in the docs, adding a Terraform resource, or building a new feature — every contribution matters.
