You can quickly switch to any of your AWS accounts with a click of a button on a menu, listing them by name and color.
Wanna learn how to configure that list in a couple of minutes?
Using multiple accounts is a common practice for many organizations. Whether for development environments consolidation, billing separation, and granularity or third party service accounts, using multiple accounts is an everyday necessity.
As a consultant, I need to regularly share my account resources among other in-house accounts as well as with customers’ accounts.
For a while, I used to disconnect and reconnect from one account to another dozen of times a day. When the action became too frequent to bare, I had to find a suitable solution, one that would give me the freedom of hopping from one account to another without the hassle of changing login sessions.
AWS Cross-Account access role is a setup where a given account, validates another account for access, by letting it assume a pre-configured IAM role. The external account’s users and resources can then assume the given role and use the new account’s resources within the boundaries of its IAM role privileges.
Configuring cross-account access role requires a couple of minutes following a few simple steps. By the end of the configuration, you’ll be able to just select “change role” from a drop-down menu visible at all times in the AWS console, and make a quick jump to whichever account set with a cross access role:
Click on your user name on the top right-hand side of your AWS console. Then from the drop-down list select Switch Role
Provide the account name, given role and a color for future quick access from your console menu
From now on, the configured accounts would be available for quick shifting with a single click of a button
Ah, wait, none of us ever actually see the colorful console right? UI is lame.
You run everything from your console right? :)
Let’s see how assuming a cross-account role can be easily done using AWS CLI:
$ cat ~/.aws/credentials[profile crossaccountrole]role_arn = arn:aws:iam::123456789012:role/xaccountsource_profile = default
$ aws s3 ls --profile crossaccountrole
$ export AWS_PROFILE=crossaccountrole
Not only you’ve got all your accounts color coded in the console and ready for quick shifting, but you can use single secret credential for all of your CLI accounts as well.