DEV Community

Latchu@DevOps

🔐 Just-in-Time Node Access in AWS Systems Manager Is Now Generally Available: Secure, Time-Bound Access Done Right

AWS just made secure node access smarter and easier.

With the general availability of Just-in-Time (JIT) Node Access in AWS Systems Manager, you can now give your teams temporary, policy-controlled access to Amazon EC2, on-premises, or multi-cloud nodes, all without persistent SSH keys or open ports.

Let's break down what this means and how you can use it.

🚀 What Is Just-in-Time Node Access?

Just-in-Time Node Access is a new capability that enables:

🔐 Temporary, time-bound access to managed nodes

⚖️ Access based on approval workflows or policies

🧠 Seamless integration across your AWS Organization

📊 Full audit logging and session recording

✅ Zero need to manage long-lived credentials or SSH keys

💡 The Problem It Solves

Traditionally, giving teams access to EC2 instances meant either:

  • Sharing long-term credentials (a security risk), or
  • Building complex access management solutions

This often led to over-permissioned users, higher operational risk, and slower incident response.

✅ Example Use Case: On-Call Engineer Needs Access

Imagine you run an operations team with hundreds of EC2 instances.

One night, an application starts misbehaving, and an on-call engineer needs access to troubleshoot.

Without JIT Node Access:

  • You'd manually grant SSH access, rotate keys, or involve a ticketing system
  • Slower incident response, and more risk

With JIT Node Access:

  • The engineer requests access via Systems Manager
  • The request is auto-approved (based on IAM group + time condition), or routed to a Slack/MS Teams approver
  • Temporary access is granted for 1 hour via:
      🔧 Browser shell
      🖥️ RDP session
      🖥️ AWS CLI
  • After the time window, access automatically expires 🔒
  • Every action is logged for auditing and compliance
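
One audit a team could run over those logs, as an added example that is not part of the original post and not AWS code: it matches recorded sessions against approved access windows and reports any session that no grant covers. The records, field names, node IDs and timestamps are constructed for illustration and are simplified, not the CloudTrail or EventBridge schema.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names are simplified for this example and are
# not the CloudTrail or EventBridge schema; node IDs and times are made up.
GRANTS = [  # approved requests: who, which node, approval time, window length
    {"user": "alice", "node": "i-0aaa", "approved": "2025-05-01T02:00:00Z", "minutes": 60},
    {"user": "bob", "node": "i-0bbb", "approved": "2025-05-01T09:00:00Z", "minutes": 60},
]
SESSIONS = [  # recorded sessions
    {"user": "alice", "node": "i-0aaa", "start": "2025-05-01T02:05:00Z", "end": "2025-05-01T02:40:00Z"},
    {"user": "alice", "node": "i-0aaa", "start": "2025-05-01T03:10:00Z", "end": "2025-05-01T03:20:00Z"},
    {"user": "bob", "node": "i-0ccc", "start": "2025-05-01T09:10:00Z", "end": "2025-05-01T09:15:00Z"},
    {"user": "bob", "node": "i-0bbb", "start": "2025-05-01T09:50:00Z", "end": "2025-05-01T10:30:00Z"},
]

NO_GRANT = "no grant for this user and node"
OUTSIDE = "started outside every approved window"
OVERRAN = "still open after the approved window ended"


def ts(value):
    """Parse a UTC timestamp such as 2025-05-01T02:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def audit(grants, sessions):
    """Return (session, finding) pairs for sessions that no grant fully covers."""
    findings = []
    for s in sessions:
        start, end = ts(s["start"]), ts(s["end"])
        windows = [
            (ts(g["approved"]), ts(g["approved"]) + timedelta(minutes=g["minutes"]))
            for g in grants
            if g["user"] == s["user"] and g["node"] == s["node"]
        ]
        if not windows:
            findings.append((s, NO_GRANT))
        elif not any(a <= start < b for a, b in windows):
            findings.append((s, OUTSIDE))
        elif not any(a <= start and end <= b for a, b in windows):
            # Flagged for review: the post does not say whether a running
            # session is cut off when the window closes.
            findings.append((s, OVERRAN))
    return findings


if __name__ == "__main__":
    for session, finding in audit(GRANTS, SESSIONS):
        print(session["user"], session["node"], session["start"], "->", finding)
```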
    

🧰 Built for Modern Teams

Just-in-Time Node Access supports:

  • Approval via Slack, Teams, email, or Amazon Q Developer
  • Session tracking via Amazon EventBridge + SNS
  • Centralized access across multi-account environments
  • Auto-expiry with no inbound ports or SSH key rotation

🆓 Free Trial Available

You can try it out for free per account per Region:

  • Covers the rest of the current billing cycle + the next full cycle
  • All features included in the trial

After that, it moves to usage-based pricing.

✨ Final Thoughts

If your team manages EC2 fleets, on-prem nodes, or multi-cloud environments and you care about:

🔐 Eliminating long-term credentials

🕓 Granting just-in-time access

📈 Meeting compliance goals

Then Just-in-Time Node Access is worth exploring.
