Congratulations! Once your access to a resource has been approved, you can use Opal to connect to that resource.

There are a few important concepts to understand:

  1. Session vs. non-session-based connections

  2. Access levels

Session vs. non-session-based connections

  • There are two types of connections: session and non-session-based connections.

Session-based connections

  • With session-based connections, Opal will provide just-in-time credentials that expire after 15 minutes. Once a session has been started, it will last for 12 hours. With Opal, your access to a session-based connections can be either indefinite or short-lived. For the duration of your access, you will be able to start new sessions.

Examples of session-based connections: RDS databases, MongdoDB, EC2 instances, IAM roles, and EKS clusters

💡 TIP: For this type of connection, you can connect using Opal's CLI! Here's a helpful guide to learn more about Opal's CLI.

Non-session based connections

  • With non-session-based connections, Opal can grant access to the resource. However, users will not use Opal to start a session.

  • Example of non-session based connections: SaaS applications

Access Levels

  • Some resources will have access levels. An access level is a specific role within a resource.

  • Examples of resources with access levels: databases, kubernetes clusters, custom internal tools, GCP projects and folders

Did this answer your question?