Lino Espinoza 🇵🇪
Posted on January 10, 2024
What is Granted?
Granted is an excellent tool for managing multiple AWS account profiles efficiently. It provides a streamlined and user-friendly interface that simplifies switching between different accounts and performing tasks across them.
One of the key benefits of using Granted is its ability to securely store and manage AWS access keys and secret access keys. This eliminates the need to manage and update these credentials manually, reducing the risk of accidental exposure or unauthorized access.
Additionally, Granted offers seamless integration with AWS Identity and Access Management (IAM), allowing users to configure and manage permissions for each account profile easily. This ensures that users can safely access resources within each account, enhancing security and governance.
Getting Started
This a guide to installing Granted on macOS; for Linux and Windows users, you can check the official documentation.
Install AWS CLI
It is recommended that you install AWS CLI first before installing Granted. https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html
Set up AWS Profile
You must edit your ~/.aws/config
file and configure your AWS profiles. I advise using AWS SSO to begin this process; it is more handy. You can check the official documentation on configuring the AWS CLI to use the AWS IAM Identity Center.
Here is an example for this file; you can grab it and start here. 🙂
[default]
sso_session = https://defaultssodomain.awsapps.com/start
sso_account_id = [paste a default AWS Account ID here]
sso_role_name = [default role]
region = us-east-1
output = json
[profile production]
granted_sso_start_url = https://abc.awsapps.com/start
granted_sso_region = us-east-1
granted_sso_account_id = [paste your AWS Account ID here]
granted_sso_role_name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = granted credential-process --profile production
[profile uat]
granted_sso_start_url = https://abc.awsapps.com/start
granted_sso_region = us-east-1
granted_sso_account_id = [paste your AWS Account ID here]
granted_sso_role_name = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process = granted credential-process --profile uat
Install the Granted CLI
brew tap common-fate/granted
brew install granted
Verify your installation
granted -v
Assuming roles
Run the assume
command to assume a role (profile) previously defined in your ~/.aws/config
file.
➜ assume
[i] Thanks for using Granted!
[i] By default, Granted will open the AWS console with this browser: Chrome
[!] Granted works best with Firefox but also supports Chrome, Brave, and Edge (https://docs.commonfate.io/granted/introduction#supported-browsers). You can change this setting later by running 'granted browser set'
? Use Firefox as default Granted browser? (y/N)
You need to install a Granted Firefox addon so you can have several AWS Accounts sessions in separate tabs.
Look at these images as an example of how it looks for production and uat profiles.
These are the basics to get started with Granted. I will dive deep into more advanced configurations and tips in the following articles.
Conclusion
If you manage multiple AWS account profiles, like me, Granted is a powerful tool that simplifies the process and enhances security. Its user-friendly interface, secure credential management, IAM integration, and centralized dashboard make it a valuable asset for efficient AWS account management.
I hope you will find this helpful.
Hi👋🏻
My name is Lino, and I'm a builder who loves cloud technologies and serverless architectures. I write articles about these topics to share my knowledge and experience.
Don't forget to visit my Linktree to discover my projects 🫰🏻
Linktree: https://linktr.ee/linoespinoza
Follow me on dev.to for other articles 👇🏻
Posted on January 10, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.