Skip to content

Cajga/aws-console-url

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

AWS Management Console URL Generator

When you have AWS cli access (IAM Access Key and Secret Key), an IAM role and you want to access the AWS Management Console through this role, you can use this tool to generate a URL that will allow you to sign in to the Console and have the permissions of the role.

The tool generates a federated sign-in URL using the AWS Security Token Service (STS) to assume a role and then uses the getSigninToken API to create a temporary session that can be used to log using a browser.

It is based on the Enable custom identity broker access to the AWS console documentation from AWS.

Prerequisites

  • AWS CLI Profile: The application relies on AWS profiles. If your AWS profile uses AWS SSO (Single Sign-On), make sure you have already authenticated using aws sso login before running the program.
  • Your AWS profile can assume the role: The profile you use must have the necessary permissions to assume the role you specify.

Setup

Binary

Download the latest binary from the releases page

From source

git clone git@github.com:Cajga/aws-console-url.git
cd aws-console-url
GOOS=linux GOARCH=amd64 go build -o aws-console-url -ldflags '-extldflags "-static"' main.go
chmod +x aws-console-url

Usage

To run the application, use the following command syntax:

./aws-console-url --profile <aws-profile> --role-arn <role-arn> [--session-duration <duration_in_seconds>]

Example:

./aws-console-url --profile my-sso-profile --role-arn arn:aws:iam::123456789012:role/my-role

Parameters:

  • --profile (Required): The AWS CLI profile to use (e.g., my-sso-profile).
  • --role-arn (Required): The ARN of the IAM role you wish to assume (e.g., arn:aws:iam::123456789012:role/my-role).
  • --session-duration (Optional): The duration (in seconds) for which the federated session will remain valid. The default session duration is managed by the role. If specified, this will be added to the URL request when generating the federated sign-in URL.

NOTE:: if you are using role-chaining (you are using a role to assume another role) session duration cannot be defined. Also, you should not define longer session duration than the final role allows (max_session_duration property of role which is 1h per default and can be modified to a maximum value of 12h).

About

Generates a sign-in url for AWS Management Console to a given role

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v0.1.4 Latest
Jan 9, 2025

Packages

No packages published

Languages