Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How can I have multiple concurrent AWS console sessions logged in to multiple account/role combinations?

The AWS console allows one connected session per browser instance. This is a PITA when one is frequently changing between accounts.

How can I have multiple AWS console sessions active at the same time (and be able to easily distinguish between them)?

like image 394
Bruce Edge Avatar asked Dec 13 '20 20:12

Bruce Edge


3 Answers

If I understand correctly there is a way to do this. Currently, I handle 5-9 AWS Account Concurrently. If you use firefox there is a plugin offered by Firefox officiallyenter image description here https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers/

Source Link - https://github.com/mozilla/multi-account-containers#readme

It's Really Good, you can add as many multiple containers you want under one Browser Window.

Also, if you want to login to CLI with multiple profiles - you can use named profile service by AWS https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html

like image 99
Mohit Sharma Avatar answered Oct 22 '22 23:10

Mohit Sharma


Use chrome's "people" feature to segregate AWS profiles. Each "person" in chrome context is a completely separate browser context that that shares nothing.

There's a great plugin that makes managing accounts/roles easier: https://github.com/tilfin/aws-extend-switch-roles It lets one control what account/role combinations are visible on the console account/role chooser:

enter image description here

But you're still limited to one login per browser context.

That's where chrome's "people" facility comes in.

One can create a different "person" for every account/role combination.

This means separate and distinct login sessions

enter image description here

The combination of the above plugin and distinct browser people/contexts for each account role combination allows one to map each "person" to a set of role(s) they are expected to use.

Given that each person will lose the context they have if they switch roles, I tend to create only 1 or 2 roles in the plugin config for each person.

So if I want a new account/role combination - create a new person, install the plugin, and setup the plugin to know only about that account/role combination.

This lets you have as many concurrent AWS console sessions as you can keep straight in your head. The "people" feature also lets you pick an identifier icon for each person so you can see at a glance which session(s) you have open.

This shows 4 active chrome canary sessions open, all logged in to different accounts.

enter image description here

Note the circled identifier icons. eg: "dev" is a bug "prod" variants are balls, mnemonic "game day" etc...

You can also assign a color to each account/role with the plugin. I found that it helps to match the color of the person to that of the account/role, so you can tell at a glance, or when minimized, which it is.

Finally, the reason to use canary is that I want my main "open link" behavior to not use any of these "AWS-specific" browser instances. This ensures that all my link open in my actual chrome instance and canary is reserved for the proliferation of AWS sessions.

I've seen so many people futz around with opening/closing/re-logging-in/etc that I felt I had to post this as a Q&A.

Hopefully someone finds this useful.

like image 34
Bruce Edge Avatar answered Oct 22 '22 21:10

Bruce Edge


There's a great plugin that allow you to manage multiple AWS accounts/: https://github.com/tilfin/aws-extend-switch-roles It lets one control what account/role combinations are visible on the console account/role chooser:

You can handle multiple AWS Account concurrently on certain browser. If you use FireFox Browser there is a plugin offered by Firefox officially.

https://addons.mozilla.org/en-GB/firefox/addon/multi-account-containers/

like image 26
SeniorEngineer Avatar answered Oct 22 '22 23:10

SeniorEngineer