DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

Andrea Cavagna | AWS builder for AWS Community Builders

Posted on • Originally published at itscava.com

AWS Console login to multiple accounts at the same time

Cloud environment is fragmented, we know it, AWS makes no exception!

While the AWS CLI already allows managing multiple accounts, the console experience is still far behind: it allows one connected session per browser instance by default.

This is a great downfall when one is frequently changing between accounts, which is normally part of the day-by-day routine of CloudOps.

So you may ask: β€œHow can I have multiple AWS console sessions active at the same time and be able to easily distinguish between them”?

The answer could be using different anonymous browser windows or opening different browsers at the same time. Even more, I can use one of the many different extensions available on Firefox.
Are those the best options? Frankly I don’t think so…

One Web extension to access multiple console

We are developers, we love to automate everything, and we get bored doing repetitive tasks. That’s why we managed to open different AWS consoles in a single browser window, in a click. finally we integrated it in our daily routine, Leapp.

Today, I want to share with you our Leapp extension, available for all the major browsers: Firefox, Chrome, Brave, and Edge.

No more need to manage different browsers at the same time.

No need to access every time.

No need to input by yourself all the information required to log in to the different accounts.

You can create all the AWS sessions you need on Leapp; all these sessions are, by construction, related to a specific AWS Account/Role couple (if you need an introduction to AWS IAM, check this post).

With the extension installed, you’ll be able to open it from Leapp on one or more AWS Console on a specific Account with a specific role.

All in your default Browser window, without losing your preferences.

The way it works relies on isolated containers on Firefox, and on cookies for Chromium-based browsers.

Leapp extension keeps track of all the cookies in a tab that is labeled with a specific metatag and listens to all the requests and responses storing and retrieving them as needed. This is done for all the tabs currently opened in the browser.

Let’s see how to install and start using the extension!

Install your Leapp browser extension

Install Leapp

(Skip this step if you already have Leapp installed on your machine)

First, you need to install Leapp Desktop App because the extension needs it to communicate what AWS Console it has to open.

Image description

Add a session

You can add a session individually, or using the AWS Identity Center integration (ex AWS Single Sign-on). To add a Federated, Chained, or IAM User session, use the plus button in the top bar.

Image description

To add sessions via AWS Identity Center integration, use the plus button near the integration sidebar.

Image description

In both cases fill the required parameters.

(Note: at the moment IAM User sessions can’t use the extension, but all others do)

Install the extension

The extension is available for all major browsers:

  • If you’re on Firefox you can download it directly from the store.
  • If you’re on Chrome, Edge, or any other Chromium-based browser which accepts extensions, you have to manually install the .zip file you can find here.

How to use the extension

With your preferred browser opened and the extension installed, return to Leapp and select one session you wish to access via AWS Console.

Image description

The Session will be launched in your default browser in a new tab. From there on you can open new child tabs from the initial one and all of them will retain the same cookies. On Firefox, you can verify this by taking a look at the color of the session, which will be the same.

Image description

The extension comes also with a small user interface that lets you focus the tab you need based on the AWS account and role currently set in that tab.

Image description

Final Thoughts

After reading this article you may wonder why you would use Leapp extension instead of one of the many others available.

Here are my top 3 good reasons:

Programmatic meets Console access

Many tools scattered on the Internet are useful for Programmatic access (i.e. CLI tools) to AWS, while many others (typically most of the extensions for Firefox) are only used for Console access.

You can have both. In the same tool. Behaving the same way.

Secure Access

Are you managing your credentials securely? The fact is that most tools only act as a way to access AWS, but the security posture of those credentials is a burden on the shoulders of the final user.

Leapp uses and rotates for you temporary short-lived credentials, generated from your sensitive infos (encrypted in your local system) for use with any AWS-compatible tools (i.e. AWS CLI, Terraform, CDK, etc.), and for accessing your AWS console too.

Extensibility

Leapp comes with a plugin system that lets you enhance your experience by automating your everyday operations on AWS.

This reflects also on the extension, as it communicates via WebSocket with Leapp.

Finally, I would like to suggest this article on how to manage AWS credentials.

Conclusions

If you’re here, reading this article, is thanks to the time I saved in opening and closing AWS sessions. Maybe it may seems esagerate, in a way, but think about all the minutes combined everyday doing repetitive tasks, and you’ll see how much time it is!

Image description

I strongly believe that many of you have the same issue at the moment, that’s why we open-sourced this solution to everyone,

We have seen what problems it could solve, mainly for managing multiple AWS account consoles at the same time, but also because being part of a more structured tool, it does it with secure credentials and without having the user remember passwords, profile names, roles, and so on.

We have seen where to retrieve it and how to install it.

Automating processes is also your thing? Do you like to find solutions to your everyday problems, and like to share them with others? Then join our community.

Until next time thanks for reading and stay safe!

Top comments (3)

Collapse
 
matteomoroni5 profile image
Matteo Moroni

A great explanation of a cool new feature :)

Collapse
 
hectorfernandez02 profile image
hectorfernandez02

Is it secure to use this kind of tool? The extension stores any data?

Collapse
 
a_cava94 profile image
Andrea Cavagna | AWS builder

Thanks for the question @hectorfernandez02.
The extension does not store any data.
It communicate locally only with the open-source tool
Even the open-source Desktop App manage only credentials locally and store any sensitive info in your encrypted file-system (Vault for MacOs for example)

From that, a set of short lived-credentials are generated to generated a presigned url in a isolated browser tab!

Everything is open-source but the tool is designed with a security-in-mind first approach:
docs.leapp.cloud/0.16.2/security/i...

Create an Account!

πŸ‘€ Just want to lurk?

That's fine, you can still create an account and turn on features like 🌚 dark mode.