Extend your AWS IAM switching roles. You can set the configuration like aws config format
Switch roll history does not remain only 5 maximum on the AWS Management Console. This extension extends to show more switch roles by loading your aws configuration. The bottom of the console header is emphasized with your specified color if you assume a cross account role. - Supports Chrome Sync ## Configuration Supports ~/.aws/config format and like ~/.aws/credentials ### Simple Configuration The simplest configuration is for multiple **target roles** when you always intend to show the whole list. **Target roles** can be expressed with a `role_arn` or with both `aws_account_id` and `role_name`. #### Optional parameters * `color` - The RGB hex value (without the prefix '#') for the color of the header bottom border and around the current profile. * `region` - Changing the region whenever switching the role if this parameter is specified. * `image` - The uri of an image to use on top of any color attribute supplied. The color and image are not mutually exclusive. ``` [profile marketingadmin] role_arn = arn:aws:iam::123456789012:role/marketingadmin color = ffaaee [anotheraccount] aws_account_id = 987654321987 role_name = anotherrole region=ap-northeast-1 [athirdaccount] aws_account_id = 987654321988 role_name = athirdrole image = "https://via.placeholder.com/150" ``` ### Complex Configuration More complex configurations involve multiple AWS accounts and/or organizations. - A profile that has only `aws_account_id` (without a `role_name`) is defined as **base account**. - **If your account is aliased, the alias will be shown in the role dropdown after 'Account:'. You MUST use that alias as the aws_account_id for the base account instead of the numerical account id or your configuration won't work as expected.** - A **target role** is associated with a **base account** by the **target role** specifying a `source_profile`. - As above, **target roles** can be expressed with a `role_arn` or with both `aws_account_id` and `role_name` and can optionally pass the optional parameters. - If `target_role_name` is set in **base account**, the value is provided as the default role name for each **target roles**. ``` [organization1] aws_account_id = your-account-alias [Org1-Account1-Role1] role_arn = arn:aws:iam::123456789012:role/Role1 source_profile = organization1 [Org1-Account1-Role2] aws_account_id = 123456789012 role_name = Role2 source_profile = organization1 [Org1-Account2-Role1] aws_account_id = 210987654321 role_name = Role1 source_profile = organization1 [baseaccount2] aws_account_id = 000000000000 [Base2-Role1] role_arn = arn:aws:iam::234567890123:role/Role1 source_profile = baseaccount2 [AnotherRole] role_name = SomeOtherRole aws_account_id = account-3-alias ; ; target_role_name example ; [Org2-BaseAccount] aws_account_id = 222200000000 target_role_name = Developer [Org2-Account1-Developer] aws_account_id = 222200001111 source_profile = Org2-BaseAccount [Org2-Account2-Manager] aws_account_id = 222200002222 role_name = Manager ; overrides target role name source_profile = Org2-BaseAccount ``` If you sign-in a base account, target roles of the other base accounts are excluded. The 'Show only matching roles' setting is for use with more sophisticated account structures where you're using AWS Organizations with multiple accounts along with AWS Federated Logins via something like Active Directory or Google GSuite. Common practice is to have a role in the master account that is allowed to assume a role of the same name in other member accounts. Checking this box means that if you're logged in to the 'Developer' role in the master account, only member accounts with a role_arn ending in 'role/Developer' will be shown. You won't see roles that your current role can't actually assume. ## Settings - **Hide original role history** hides original role history (Show only roles in the configuration). - **Hide account id** hides the account_id for each profile. - **Show only matching roles** filters to only show profiles with roles that match your role in your master account. - **Automatically assume last assumed role (Experimental)** automatically assumes last assumed role on the next sign-in if did not back to the base account and signed out.
- (2020-02-25) Jason Gay: superb - just works!
- (2020-01-24) John Paulo Rodriguez: Very Useful! Thank you!
- (2019-11-20) Bách Huỳnh Văn: Awesome extension! I love it!
- (2019-11-13) Tyler Sustare: Super duper when using
- (2019-11-06) Sathurjan: Its very useful extension for AWS Admin !! Really love it - Powerful tool
- (2019-11-04) Martin Bachmann: Surely useful, but on a general note, a third-party browser plugin which has full access to your AWS console should make everybody at least a bit nervous. A plugin can modify a page and interact with it as it sees fit. And quite a few times plugins were targeted by hackers - imagine the implications here. (Don't get me wrong, the author is surely doing a great job and will hopefully ensure the plugin access remains firmly in his hands).
- (2019-08-25) Robert J: My dude or dudette, you are my hero!
- (2019-08-20) Jason Harris: Seriously, the most useful extension I have. By far. It saves me thousands of keystrokes.
- (2019-07-25) Justin Rice: SO MUCH TIME SAVED
- (2019-07-12) Carlo Mencarelli: Great for segmented AWS orgs. Straightforward and easy to setup.
- (2019-06-27) Emre Odabas: Using this over a year and this is by far the most useful addon for an AWS user.
- (2019-06-26) 唐守滨: awesome extension tool, found long time.
- (2019-06-24) Manuel de Paz: Extensión imprescindible cuando gestiones varias cuentas de AWS. Permite tener más de 10 cuentas en la lista y facilita los assumeRole.
- (2019-05-06) Agapito Di Sousa: Esta extensión me ha cambiado la vida no la he probado ni se lo que hace pero descarguenla es muy buena
- (2019-01-30) Excellent tool!!! I manage close to 200 AWS accounts, and this tool is perfect!!!
- (2018-12-14) John Jones: AWS should just buy this and make it the standard for role switching
- (2018-11-15) Asfand Qazi: The perfect extension! Does one job, no ads, and does it really well. Would happily donate if I didn't have to pay a £4 fee with the £5 donation - thanks PayPal.... :(
- (2018-10-30) John Heller: Super useful, especially if you have to deal with multiple accounts and related cross-account roles. It's clever enough to show you just the relevant roles. I like being able to set the region too.
- (2018-10-15) Murat Tasova: very usefull, thanks. No dont have to remember the all the account names and are able to switch fast,
- (2018-10-06) Adrian Amoroso: What AWS should have done from the start. Nice work!
- (2018-09-24) cheesejunkfunk: This does everything I need it too, and it saves me a lot of time.
- (2018-09-08) Dorance Martinez Cortes: Thanks, is simple to use, only copy paste the credentials file and can change easily between roles.
- (2018-06-19) Max Allan: Why have I only just found this plugin? My life is now so much easier. Thank you!!
- (2018-05-07) voll cool
- (2018-04-27) Doug Copestake: Just being able to automatically switch region is a life saver. Thanks!
- (2020-02-28, v:0.14.0) Rurui Ye: any plan to support China aws?
the url is different: https://amazonaws.cn/
- (2019-09-19, v:0.14.0) shobhit srivastava: Failed to save bacause the number of profiles exceeded maximum 200!
Hello Team, Thanks for creating such cool tool for easy switch role between accounts. But while I am exceeding more then 200 accounts, it's showing this error, "Failed to save because the number of profiles exceeded maximum 200!". If possible please increase the maximum limit to 400 or 500. Once again thanks for life easy tool.
- (2019-07-09, v:0.13.1) steven smith: Version Control the config
Hello, first of all, Kudos. this has made my life so much easier. thank you second, where is the config stored? we want to version control this along with the cli files, but i cannot locate it?
- (2019-03-13, v:0.11.0) Trevor Cotton: GovCloud support
Are there any plans to support GovCloud (https://console.amazonaws-us-gov.com)?
- (2019-02-08, v:0.10.1) Sheldon Hull: Failures to switch role
Network tools show the request is submitting just https://signin.aws.amazon.com/switchrole and no parameters provided at the end. I've verified permissions are set to all sites, and my configuration is correctly set with alias at root. This worked previously, so I'm leary that perhaps an issue with a chrome update just pulled in last week or so is causing this? I've ensured adblocker disabled, even though previously it worked with it, with no impact. <code> Bad Request You may have typed the address incorrectly or you may have used an outdated link. </code> Form data submitted by extension shows: <code> action=switchFromBasis&src=nav&roleName=DelegateAdminAccessRole&account=1234567&mfaNeeded=0&color=E00008&csrf=NumNums&redirect_uri=https%253A%252F%252Feu-west-1.s3.console.aws.amazon.com%252Fs3%252Fhome%253Fregion%253Deu-west-1%2523&displayName=TacosAreDelicious++%7C++1234567 </code> Any ideas?
- (2018-04-26, v:0.8.0) Shared config file
Firstly, thank you for your continued development and support of this incredibly useful extension. It definitely improves usefulness of the AWS management console for multi-account/role configurations. I have a team of people who would benefit from sharing a common config file of accounts and roles. Would you consider adding support for a shared read-only config via URL as an option or addition to the local private read-write config?
- (2018-04-17, v:0.8.0) Craig Bona: Max Size of configuration?
We have a fairly large number of roles and accounts, and it seems that once the config gets to a certain size it says it updates on save, but it doesn't.
- (2017-11-17, v:0.6.1) color picker crashes chrome
Chrome Version 62.0.3202.94 (Official Build) (64-bit) Open Extension. Choose color picker. Try to pick a color. All chrome windows crash.
- (2017-07-13, v:0.5.0) Peter Salnikov: Nothing changes in aws console
I've installed your extension. But nothing changed after I put config there and reload aws console page. Are there any debug logs available there?
- (2017-05-09, v:0.4.0) Josh Smith: Remove " | ACCOUNTID" from the display
Can you please add an option to hide the "| accountid" from the display?
- (2017-02-24, v:0.3.2) Extension does not work with roles using path/forward slash
Love the extension, however does not work with our accounts that use a path/forward slash. Example: arn:aws:iam::123456789012:role/test/TestRole This will only populate role field with 'test'.