๐ Generate a temporary login URL for the AWS Console
Prebuilt binaries for several architectures can be found attached to any of the available releases.
For Linux:
wget https://github.com/joshdk/aws-console/releases/download/v0.4.0/aws-console-linux-amd64.tar.gz
tar -xf aws-console-linux-amd64.tar.gz
sudo install aws-console /usr/bin/aws-console
For Mac:
brew tap joshdk/tap
brew install joshdk/tap/aws-console
A development version can also be built directly from this repository. Requires that you already have a functional Go toolchain installed.
go install github.com/joshdk/aws-console@master
This tool generates temporary login URLs for the AWS Console using the credentials from a named AWS cli profile.
The configuration files for these named profiles are located at ~/.aws/credentials
and ~/.aws/config
.
For more information on these two file and configuring profiles, please take a look at:
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
In the likely event that a named profile provides credentials for an IAM user (opposed to an IAM role), that user must first be federated to obtain temporary credentials. AWS does not permit generating a Console login URL using IAM user credentials, which is why federating users is necessary. For more information on federating credentials, please take a look at:
This tool will detect and automatically federate IAM users transparently.
Generate an AWS Console login URL for the default profile:
$ aws-console
Or for the named "production" profile:
$ aws-console production
Or from the output of the aws cli itself:
$ aws sts assume-role โฆ | aws-console -
Open the generated URL using the default browser:
$ aws-console --browser
Or copy the URL to the system clipboard:
$ aws-console --clipboard
Display the generated URL in the terminal as a QR code:
$ aws-console --qr
Or save it as an image to a file:
$ aws-console --qr > qr.png
Limit session duration to half an hour:
$ aws-console --duration 30m
Redirect to the IAM service after logging in:
$ aws-console --location iam
Federate the user and use the name "audit":
$ aws-console --name audit
Attach a readonly policy to the federated user:
$ aws-console --policy readonly
This code is distributed under the MIT License, see LICENSE.txt for more information.
Created by Josh Komoroske โ