Comment on page


Installing P0 on AWS takes about 10 minutes.

Before you begin

  • Choose at least one account on which to install P0.
  • Make sure you have the ability to create roles, add trust relationships, and create and assign role polices. You can do this if you have the IAMFullAccess policy attached to your user.

Setting up AWS

For fine-grained Kubernetes access in EKS use the P0 Kubernetes integration.
  1. 1.
    Navigate to "Integrations" on, then select "AWS":
  1. 2.
    Enter one or more AWS numeric account IDs, then click "Get AWS setup commands". The next page will display commands you can run using the AWS CLI to provision P0. You can also run these commands using AWS Cloud Shell.
  1. 3.
    Run these commands now. P0 will verify its installation. If verification is successful, you'll be taken to the integration configuration.

Configuring P0 with AWS

On the configuration page you define how users are provisioned in AWS:
IAM, email in user name
IAM, email in tag
In Identity Center
If users are defined in the account's IAM service and the user's names equal their email addresses, choose "In IAM, with email in the user name"
If users are defined in the account's IAM service, but their user names do not equal their email, you'll need to add a tag to each user you want to allow access via P0. For example, with a tag named "Email":
If users are provisioned via Identity Center (for example, if you provision via SSO), choose "In Identity Center".
A few requirements apply:
  • P0 must be installed on the account where the Identity Center instance resides
  • Users must be provisioned with user names equal to user email addresses
To finish configuration:
  1. 1.
    Select the account in which the Identity Center instance resides
And that's it. You're all set to start granting just-in-time, least-privileged access to AWS with p0.
Last modified 3mo ago