How to manage multiple AWS Account Profiles with Granted

linoespinoza

Lino Espinoza 🇵🇪

Posted on January 10, 2024


What is Granted?

Granted is an excellent tool for managing multiple AWS account profiles efficiently. It provides a streamlined and user-friendly interface that simplifies switching between different accounts and performing tasks across them.

One of the key benefits of using Granted is its ability to securely store and manage AWS access keys and secret access keys. This eliminates the need to manage and update these credentials manually, reducing the risk of accidental exposure or unauthorized access.

Additionally, Granted offers seamless integration with AWS Identity and Access Management (IAM), allowing users to configure and manage permissions for each account profile easily. This ensures that users can safely access resources within each account, enhancing security and governance.

Getting Started

This is a guide to installing Granted on macOS; Linux and Windows users can check the official documentation.

Assume first look

Install AWS CLI

It is recommended that you install the AWS CLI before installing Granted. https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html

Set up AWS Profile

You must edit your ~/.aws/config file and configure your AWS profiles. I advise using AWS SSO to begin this process; it is more convenient. You can check the official documentation on configuring the AWS CLI to use the AWS IAM Identity Center.

Here is an example for this file; you can grab it and start here. 🙂

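[default]
# The start URL belongs in sso_start_url; sso_session takes the name of an
# [sso-session ...] section, not a URL.
sso_start_url = https://defaultssodomain.awsapps.com/start
# Set sso_region to the region that hosts your IAM Identity Center.
sso_region = us-east-1
sso_account_id = [paste a default AWS Account ID here]
sso_role_name = [default role]
region = us-east-1
output = json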

[profile production]
granted_sso_start_url      = https://abc.awsapps.com/start
granted_sso_region         = us-east-1
granted_sso_account_id     = [paste your AWS Account ID here]
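# AdministratorAccess is an example; use the least-privileged permission set that covers your work.
granted_sso_role_name      = AdministratorAccess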
common_fate_generated_from = aws-sso
credential_process         = granted credential-process --profile production

[profile uat]
granted_sso_start_url      = https://abc.awsapps.com/start
granted_sso_region         = us-east-1
granted_sso_account_id     = [paste your AWS Account ID here]
granted_sso_role_name      = AdministratorAccess
common_fate_generated_from = aws-sso
credential_process         = granted credential-process --profile uat
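
When profile blocks like the ones above are copied, it is easy to leave the wrong name in credential_process, so one profile silently receives another account's credentials. The following Python check is an added example, not part of the original post or the Granted project; the function name audit_aws_config, the sample profiles and the ReadOnlyAccess role are constructed for illustration.

```python
import configparser
import shlex

# Constructed sample in the article's format; the key is AWS's documentation example.
SAMPLE = """\
[profile production]
granted_sso_role_name = AdministratorAccess
credential_process    = granted credential-process --profile production

[profile uat]
granted_sso_role_name = ReadOnlyAccess
credential_process    = granted credential-process --profile production

[profile legacy]
aws_access_key_id     = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = constructed-placeholder
"""

def audit_aws_config(text):
    """Return sorted (profile, finding) pairs for the text of an AWS config file."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        name = section.removeprefix("profile ").strip()
        opts = cfg[section]
        # A copy-pasted credential_process hands out another profile's credentials.
        argv = shlex.split(opts.get("credential_process", ""))
        if argv[:2] == ["granted", "credential-process"] and "--profile" in argv[:-1]:
            target = argv[argv.index("--profile") + 1]
            if target != name:
                findings.append((name, f"credential_process points at '{target}'"))
        # Long-lived keys in plaintext are what the SSO-backed profiles replace.
        if "aws_access_key_id" in opts or "aws_secret_access_key" in opts:
            findings.append((name, "static access key in config"))
        # Surface admin-level roles so their use is a deliberate choice.
        role = opts.get("granted_sso_role_name") or opts.get("sso_role_name")
        if role == "AdministratorAccess":
            findings.append((name, "AdministratorAccess role"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, finding in audit_aws_config(SAMPLE):
        print(f"{profile}: {finding}")
```

To audit a real file, pass the contents of ~/.aws/config to audit_aws_config instead of SAMPLE.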

Install the Granted CLI

brew tap common-fate/granted
brew install granted

Verify your installation

granted -v

Granted version

Assuming roles

Run the assume command to assume a role (profile) previously defined in your ~/.aws/config file.

➜ assume
[i] Thanks for using Granted!
[i] By default, Granted will open the AWS console with this browser: Chrome
[!] Granted works best with Firefox but also supports Chrome, Brave, and Edge (https://docs.commonfate.io/granted/introduction#supported-browsers). You can change this setting later by running 'granted browser set'

? Use Firefox as default Granted browser? (y/N)

You need to install the Granted Firefox add-on so you can have several AWS account sessions open in separate tabs.

Look at these images as an example of how it looks for production and uat profiles.

AWS Profile Example 1 with granted

AWS Profile Example 2 with granted

These are the basics to get started with Granted. I will dive deep into more advanced configurations and tips in the following articles.

Conclusion

If you manage multiple AWS account profiles, like me, Granted is a powerful tool that simplifies the process and enhances security. Its user-friendly interface, secure credential management, IAM integration, and centralized dashboard make it a valuable asset for efficient AWS account management.

I hope you will find this helpful.


Hi👋🏻
My name is Lino, and I'm a builder who loves cloud technologies and serverless architectures. I write articles about these topics to share my knowledge and experience.
Don't forget to visit my Linktree to discover my projects 🫰🏻

Linktree: https://linktr.ee/linoespinoza
