AWS Systems Manager Change Manager is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see AWS Systems Manager Change Manager availability change.
Approving and denying just-in-time node access requests
Access request approvers can approve or deny just-in-time node access requests from the unified Systems Manager console or using your preferred command line tool. This information is intended for access request approvers. If you don't have the permissions required to approve or reject access requests, contact your administrator. The following procedures describe how to approve or deny just-in-time node access requests.
To approve or deny just-in-time node access requests using the console
Open the AWS Systems Manager console at https://console.aws.amazon.com/systems-manager/
. -
Select Manage node access in the navigation pane.
-
Select the Access requests tab.
-
Select the Requests for me toggle.
-
Select the checkbox next to the access request you want to approve or deny.
-
Select Approve or Reject.
After approving an access request you can revoke your approval at any time by selecting Revoke.
To approve or deny just-in-time node access requests using the command line
-
Note the access request ID from the notification. For example,
oi-12345abcdef. -
Run the following command to return details about the access request approval workflow, making sure to replace the
placeholder valueswith your own information.aws ssm get-ops-item \ --ops-item-idoi-12345abcdefNote the
automationExecutionIdvalue in the/aws/accessrequestfield for theOperationalData. For example,9231944f-61c6-40be-8bce-8ee2bEXAMPLE. -
Run the following command to approve or deny the access request. Use the
Approvesignal type to approve the request, andDenyto deny the request. Make sure to replace theplaceholder valueswith your own information.aws ssm send-automation-signal \ --automation-execution-id9231944f-61c6-40be-8bce-8ee2bEXAMPLE\ --signal-type "Approve"
