# 6. Tenant and Admin Just-In-Time (JIT) AWS Access

## JIT Access from the DuploCloud Portal

Navigate to **User** -> **Profile** to view options for obtaining JIT credentials with the **JIT AWS Console** button.

{% hint style="info" %}
This method uses Tenant-level AWS permissions.
{% endhint %}

<figure><img src="/files/JHMSVHYbrorU9dgLRUqS" alt=""><figcaption><p>The <strong>JIT AWS Console</strong> button on the <strong>Profile</strong> page</p></figcaption></figure>

## CLI

DuploCloud uses `duplo-jit` to access the CLI. You can use `duplo-jit` to retrieve Tenant-scoped temporary credentials.

Documentation for installation and setup can be found [here](/docs/automation-platform/overview/use-cases/jit-access.md).

## Accessing the AWS CLI for Admin and Tenant Scopes

{% code fullWidth="false" %}

```bash
[profile duplo-prod]
region=us-west-2
credential_process=duplo-jit aws --admin --host https://prod.duplocloud.net --interactive
```

{% endcode %}

```
[profile test-04]
region=us-west-2
credential_process=duplo-jit aws -tenant devab01 --host https://test04.duplocloud.net --interactive
```

## Accessing Kubectl

Administrators can obtain a cluster-wide `kubeconfig` file by navigating to **Administrator** -> **Infrastructure.**

Select the Infrastructure, and in the **EKS** tab, click the **Download Kube Config** button.

<figure><img src="/files/Z3Lh4bmKJT4tUOK3iReG" alt=""><figcaption><p>The <code>kubeconfig</code> file downloaded from DuploCloud</p></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.duplocloud.com/docs/workshops/duplocloud-101-for-aws/daily-operations-using-duplocloud/6-tenant-and-admin-just-in-time-jit-aws-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.