While the AWS CLI already allows managing multiple accounts, the console experience is still far behind: it allows one connected session per browser instance by default.
This is a great downfall when one is frequently changing between accounts, which is normally part of the day-by-day routine of CloudOps.
So you may ask: “How can I have multiple AWS console sessions active at the same time and be able to easily distinguish between them”?
The answer could be using different anonymous browser windows or opening different browsers at the same time. Even more, I can use one of the many different extensions available on Firefox.
Are those the best options? Frankly I don’t think so…
We are developers, we love to automate everything, and we get bored doing repetitive tasks. That’s why we managed to open different AWS consoles in a single browser window, in a click. finally we integrated it in our daily routine, Leapp.
Today, I want to share with you our Leapp extension, available for all the major browsers: Firefox, Chrome, Brave, and Edge.
No more need to manage different browsers at the same time.
No need to access every time.
No need to input by yourself all the information required to log in to the different accounts.
You can create all the AWS sessions you need on Leapp; all these sessions are, by construction, related to a specific AWS Account/Role couple (if you need an introduction to AWS IAM, check this post).
With the extension installed, you’ll be able to open it from Leapp on one or more AWS Console on a specific Account with a specific role.
All in your default Browser window, without losing your preferences.
The way it works relies on isolated containers on Firefox, and on cookies for Chromium-based browsers.
Leapp extension keeps track of all the cookies in a tab that is labeled with a specific metatag and listens to all the requests and responses storing and retrieving them as needed. This is done for all the tabs currently opened in the browser.
Let’s see how to install and start using the extension!
(Skip this step if you already have Leapp installed on your machine)
First, you need to install Leapp Desktop App because the extension needs it to communicate what AWS Console it has to open.
Add a session
To add sessions via AWS Identity Center integration, use the plus button near the integration sidebar.
In both cases fill the required parameters.
(Note: at the moment IAM User sessions can’t use the extension, but all others do)
Install the extension
The extension is available for all major browsers:
- If you’re on Firefox you can download it directly from the store.
- If you’re on Chrome, Edge, or any other Chromium-based browser which accepts extensions, you have to manually install the .zip file you can find here.
How to use the extension
With your preferred browser opened and the extension installed, return to Leapp and select one session you wish to access via AWS Console.
The Session will be launched in your default browser in a new tab. From there on you can open new child tabs from the initial one and all of them will retain the same cookies. On Firefox, you can verify this by taking a look at the color of the session, which will be the same.
The extension comes also with a small user interface that lets you focus the tab you need based on the AWS account and role currently set in that tab.
After reading this article you may wonder why you would use Leapp extension instead of one of the many others available.
Here are my top 3 good reasons:
Programmatic meets Console access
Many tools scattered on the Internet are useful for Programmatic access (i.e. CLI tools) to AWS, while many others (typically most of the extensions for Firefox) are only used for Console access.
You can have both. In the same tool. Behaving the same way.
Are you managing your credentials securely? The fact is that most tools only act as a way to access AWS, but the security posture of those credentials is a burden on the shoulders of the final user.
Leapp uses and rotates for you temporary short-lived credentials, generated from your sensitive infos (encrypted in your local system) for use with any AWS-compatible tools (i.e. AWS CLI, Terraform, CDK, etc.), and for accessing your AWS console too.
Leapp comes with a plugin system that lets you enhance your experience by automating your everyday operations on AWS.
This reflects also on the extension, as it communicates via WebSocket with Leapp.
Finally, I would like to suggest this article on how to manage AWS credentials.
If you’re here, reading this article, is thanks to the time I saved in opening and closing AWS sessions. Maybe it may seems esagerate, in a way, but think about all the minutes combined everyday doing repetitive tasks, and you’ll see how much time it is!
I strongly believe that many of you have the same issue at the moment, that’s why we open-sourced this solution to everyone,
We have seen what problems it could solve, mainly for managing multiple AWS account consoles at the same time, but also because being part of a more structured tool, it does it with secure credentials and without having the user remember passwords, profile names, roles, and so on.
We have seen where to retrieve it and how to install it.
Automating processes is also your thing? Do you like to find solutions to your everyday problems, and like to share them with others? Then join our community.
Until next time thanks for reading and stay safe!