for you AWS folks out there who use multiple accou...
# general
a
Nice.
Don’t you use the account switcher?
Like….
mycompany.awsapps.com
I have all my accounts on that page, not sure if it’s new or what.
s
the built-in AWS switcher is not that great. #1, it doesn’t sync across computers (it’s cookie based) #2, it’s limited to 5 accounts max before it removes the oldest one
you also can’t remove accounts either
a
Yeah.
In my previous jobs I always used 1 account for all, now that we have 3 or 4 it gets more complicated.
We actually have SSO, and I think the roles work differently.
s
ahh yeah
a
That’s why I use that home page in awsapps.com.
t
I highly recommend setting up AWS SSO (even if you already have a different SSO provider). I use that to switch between accounts
a
But where do you do the switch? From where, I mean.
s
what does that experience look like? yeah, I was wondering the same
a
This is the experience that I use.
s
is that the AWS SSO switcher?
a
But not sure if there are other ways, I didn’t set up SSO, it was another person.
I think so.
We use SSO with our Microsoft 365 accounts.
And I get to that page by entering “mycompany.awsapps.com”.
But not sure if there are better ways, the bad thing about this is you can only have 1 account open, you can’t open 2 sessions at the same time.
Sometimes I want to compare resources from DEV / STAGE, and I can’t easily.
a
Agreed, can fully recommend AWS SSO. We followed these instructions for G Suite and it worked the first try. Combined with Control Tower it allows us to easily vend developer AWS accounts and assign groups to each AWS account. E.g. the owner of the developer account has full admin privileges, but every developer has read-only access to all personal accounts as well. This works for the CLI as well, although you do need to reauthenticate every 30-2 hours (depending on session duration). And using something like ssocred allows you to use legacy AWS CLI tooling that doesn't support reading SSO temporary credentials. The one downside as Adrian mentions is that you can only be logged into 1 account.
j
To get around the limitation of only being able to log into a single account, what has worked well for us is setting up a new Chrome profile for each of the accounts (I am not sure if there is a configuration setting in AWS SSO that may prevent it in some cases). In each profile, log into AWS SSO, and you should then be able to log into one account per Chrome profile simultaneously. The new Chrome profiles also have a nice set of default colors you can set so you can distinguish your different environments.