> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting started with JIT access for AWS (using Identity Center)

> Follow this guide to get started with just-in-time (JIT) access to your Amazon Web Services (AWS) resources.

## Before you begin

To complete this guide, you'll need:

* C1 **Super Administrator** role
* AWS with Identity Center configured
* Ability to setup an AWS role trust

**Estimated time:** 30 minutes

## Step 1: Integrate your AWS instance

Integrate your AWS instance with C1. Follow our instructions to set up the [AWS v2 connector](/baton/aws).

Make sure to select these configuration options on the connector setup screen:

* Enable support for AWS Organizations
* Enable support for AWS IAM Identity Center

Once connected, C1 ingests all of the resources and entitlements for AWS. This includes accounts, roles within accounts, identity center users, identity center groups, and permission sets. You can see all the resources and entitlements by going to **Apps** > **AWS** and clicking **Entitlements**.

## Step 2: Configure AWS accounts for JIT access

Now that AWS is hooked up to C1, set AWS accounts as available for just-in-time access. To do this, we'll configure entitlement management rules for each of the AWS accounts.

<Steps>
  <Step>
    Navigate to the **Apps** page, then select the "AWS" application that was created from Step 1.
  </Step>

  <Step>
    In the **Entitlement management** section, click **Edit** next to **Default config rules**.
  </Step>

  <Step>
    In the configuration rules pane, click the toggle to **Enable configuration rules**.
  </Step>

  <Step>
    Select the **account** resource type.
  </Step>

  <Step>
    In the **Access profiles** field, search for and select an access profile. For example, select **Everyone** to make the entitlements requestable by all users.
  </Step>

  <Step>
    Finally, check the box at the bottom of the screen and click **Apply**.
  </Step>
</Steps>

The new settings are applied, and a summary is shown in the **Entitlement management** section of the page.

<Tip>
  **Don’t worry,** you can change who can request access, for how long, and the policy for approving access later.
</Tip>

## Step 3: Request JIT access

Let's go request AWS JIT access!

<Steps>
  <Step>
    In C1, click **Requests** and make sure that **App catalog** is selected.
  </Step>

  <Step>
    Click **AWS**. A panel opens with the account resources available for you to request.
  </Step>

  <Step>
    Click the account you want access to, then click **Request** on a specific entitlement (such as a permission set).
  </Step>

  <Step>
    On the **New request** form that is shown, select the length of time you want access for.
  </Step>

  <Step>
    Click **Submit request**.
  </Step>
</Steps>

## Success!

The request policy routes the request through the approval process. The new access will be automatically provisioned by the AWS connector, and then automatically removed upon expiration.

<Tip>
  If you prefer working from the command line, you can also request and use AWS access directly from the AWS CLI using Cone. See [Use Cone with AWS SSO](/product/how-to/cone-aws-sso-integration).
</Tip>