Authorization rules let you grant multiple users or user groups access to one or more assets in a single configuration. You can also set a validity period to limit when access is active. Use authorization rules to manage access at scale instead of configuring permissions one user at a time.
Prerequisites
Before you begin, make sure that:
Hosts are added to your bastion host. See Add hosts.
Users are added to your bastion host. See Manage users.
Create an authorization rule
Log on to the Bastionhost console. In the top navigation bar, select the region where your bastion host resides.
In the bastion host list, find the target bastion host and click Manage.
In the left-side navigation pane, click Authorization Rules.
On the Authorization Rules page, click Create Authorization Rule.
In the Create Authorization Rule panel, configure the following parameters and click Create Authorization Rule.
| Parameter | Description |
| --- | --- |
| Authorization Rule Name | A name for the rule. Must be 1–128 characters. Cannot start with a special character. Allowed special characters: period (.), underscore (_), hyphen (-), and space. |
| Validity Period | The time window during which the rule is active. Specify the start and end dates, as well as the points in time at which the validity period starts and ends. |
| Remarks | Optional notes about the rule. |

When the confirmation message appears, click Associate Assets and Users.
On the Asset/User tab, associate the rule with assets, asset groups, users, and user groups.
What's next
Manage an authorization rule — Modify an existing rule or delete rules that are no longer needed.