Stay up to date with the latest from the Knowledge Center. See all new and updated Knowledge Center articles published in the last month and re:Post’s top contributors.
IAM Identity Center: AWS Management Console and AWS Account Context
We are in the process of setting up a new fleet of AWS accounts, and have configured federated access from our IdP via IAM Identity Center. It works very well.
What is lacking, however, is useful context within the AWS Management Console to clearly identify where the user is operating at the time.
The AWS Portal provides a very convenient and useful list of accounts (with their proper names) and available roles. Here is an obfuscated example:
When we use any of the links from this page, we jump directly into one of our accounts via the relevant Permission Set. The only context that we see is quite unhelpful, and I have concerns that anybody in our team could easily forget which account they are working in, leading to mistakes of varying consequence. The only information that seems to be readily available is the information shown under the 'current user' drop-down in the top-right of the console, which only shows the not very helpful account identifier.
We'd really like a way of clearly seeing the account name, perhaps in the header bar, ideally along with a color (like you can configure with AWS role switching). Basically what we had via old-school IAM with role switching. Does anybody know if this is a thing, or if there is something that I'm missing
- Newest
- Most votes
- Most comments
I use this Chrome extension to make it easier to identify the account I am working on.
https://chrome.google.com/webstore/detail/aws-peacock-management-co/bknjjajglapfhbdcfgmhgkgfomkkaidj
Currently, IAM Identity Center does not have any special settings for identification, so the only way is to use the above extension.
My Friend, There is no native AWS option as of yet to identify which account you are in when you login via SSO, but here are few tricks that may help. (Note - adding account alias will also not help)
Trick 1 - If there are few account you login most of the times, then you can enable colour theme for the brower - Login to AWS account via SSO -> on the top right corner --> Role/User --> Settings --> Display --> Visual Mode --> Dark for 1 ACC. and White for Another..
Trick 2 - Prefer using Standard Naming convention for all resources like EC2, EKS, ALB, EBS, SG, IAM, etc. example -- CountryCode-Account-Environment-Application-Resource-AZ Eg. (IN-AXCESS-PROD-APP2-EC2-1B) (IN-AXCESS-DEV-APP1-EC2-1A) (IN-AXCESS-CICD-JENKINS-EC2-1) and (IN-AXCESS-CICD-JENKINS-EC2-1-SG)
Hope this helps.
I'm not sure that trick 1 scales well to more than a couple of accounts. Also, I'm not sure how the specific resource naming helps identify at-a-glance which console you are in, unless you are suggesting that we name each Permission Set resource according to the target account (which seems to go a bit against the benefit of reusable cross-account permission sets). Thank you for the suggestions, though.
Relevant content
- asked 9 months ago
- asked 21 days ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
That is exactly what I need! It is a bit of a shame that this capability is not native to the AWS Management Console, but a plug-in extension is a very good option to have.
Thank you for the response.
This should not be an accepted answer, it just proves AWS's inability to deliver normal UX, there is no justification for slacking like this from a multibillion-dollar company.