AWS re:Invent 2020 Day 1: Top 5 Announcements
The first virtual re:Invent has officially kicked off with Monday Night Live and Andy Jassy's keynote. In this article we'll highlight the 5 most important announcements and releases for day 1. 1.…
At SENTIA we manage many AWS accounts and for this we quite often need to
login to the AWS Console of these accounts. We wanted a way to access the AWS
Console that was both secure and easy to use.
We have looked at a couple of options (see table) for authentication to the AWS
|No shared credentials||❌||✅||✅||✅|
|No shared MFA||❌||✅||✅||✅|
|Ease of Use|
Of these options we found using IAM Roles to be the most secure, but
logging into the AWS Console using IAM Roles is quite a hassle, therefore
Locksmith – a Chrome Extension for AWS Console login using
Cross-Account IAM Roles – was created.
We use a single IAM user per person. This user has a single MFA, and you can
easily remove the IAM user to revoke a person’s access to all accounts.
…doesn’t the AWS Console support this already?
Yes indeed, we developed Locksmith before AWS announced this feature. Even so,
we still might have developed Locksmith since it has the following advantages
over the tool built into the AWS Console: