How to Extend IAM’s Switch Role Limit using AWS Extend Switch Roles

Introduction

In this blog post, I will be highlighting a browser extension that I have found to be extremely beneficial in managing access to multiple AWS Cloud Accounts. Introducing AWS Extend Switch Roles, a browser extension that allows users to switch between roles and customize its appearance all through the tool’s configuration window. 

One of IAM’s most important security features allows users to be assigned to different roles, each defining permissions that specify whether users are granted or denied access to specific services and resources. Once authenticated, users can assume these roles and perform actions allowed by the role, even across different AWS Accounts.

However, the role history section of the console only shows the last five roles. This can cause issues when managing more than five roles across multiple projects. I needed a solution that allowed me to extend that limit. Using this tool, I am able to manage all my IAM switching roles and assign colours to indicate what environment the role belongs to. This is much easier than having to remember and manually input the AWS Account, role ARN and a colour every time I want to switch to a new role or view a role within a different environment (e.g. Dev, UAT, Prod).

WALKTHROUGH

Before I explain the installation, there are a few housekeeping items to take care of. At the time of writing, this tool is only available in Chrome and Firefox (sorry Safari or Edge users).

Installation

The installation is much the same whether you use Chrome or Firefox.

Chrome
  1. Search “AWS Extend Switch Roles” either through the browser, through the Chrome Store or by following this link (don’t worry it’s not a Rick-Roll): https://chrome.google.com/webstore/detail/aws-extend-switch-roles/jpmkfafbacpgapdghgdpembnojdlgkdl?hl=en
  2. Add the extension to the browser.

Firefox
  1. Search “AWS Extend Switch Roles” either through the browser, through the Firefox Browser Extensions Store or by following this link: https://addons.mozilla.org/en-US/firefox/addon/aws-extend-switch-roles3/
  2. Add the extension to the browser.

 

After downloading the extension for your compatible browser, click the blue paintbrush icon (in the extension toolbar).

After clicking the icon, you will be presented with a small modal screen:

After viewing this screen, click the configuration option, where you will be presented with this screen:

In order to configure the tool to display the roles, users will need to collect and input the following for each role:

  • Title
  • Role ARN 
  • Colour tag (which users can change at any time).


Here is one I’ve prepared earlier.

Once you have added the details, click the save button to save the roles to the tool. After saving the configuration, simply log in to the AWS console and select the paintbrush icon, where you can now switch between the configured roles.
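The following is an added example, not from the original post or the extension's own project: a Python script that builds the configuration text from a role inventory, assigns one colour per environment, and rejects malformed role ARNs or duplicate entries before anything is pasted into the configuration window. It assumes the extension's INI-style profile format (`[Title]`, `role_arn`, and `color` as a six-digit hex value); the colour map, account IDs and role names are constructed placeholders.

```python
import re

# Constructed environment-to-colour map (hex RGB, no leading '#'); choose your own.
ENV_COLOURS = {"dev": "2e7d32", "uat": "f9a825", "prod": "c62828"}

# IAM role ARN: 12-digit account ID, then a role name with an optional path.
ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")


def build_config(roles):
    """Render (title, role_arn, environment) tuples as INI-style profiles.

    Raises ValueError on a malformed ARN, an unknown environment, a title that
    would break the section header, or a duplicate title/ARN, so a typo never
    ends up as a mis-coloured or shadowed role in the switcher.
    """
    seen_titles, seen_arns, blocks = set(), set(), []
    for title, arn, env in roles:
        if not title.strip() or any(c in title for c in "[]\r\n"):
            raise ValueError(f"invalid title: {title!r}")
        if not ARN_RE.match(arn):
            raise ValueError(f"{title}: not an IAM role ARN: {arn!r}")
        colour = ENV_COLOURS.get(env.lower())
        if colour is None:
            raise ValueError(f"{title}: no colour defined for environment {env!r}")
        if title in seen_titles or arn in seen_arns:
            raise ValueError(f"{title}: duplicate title or role ARN")
        seen_titles.add(title)
        seen_arns.add(arn)
        blocks.append(f"[{title}]\nrole_arn = {arn}\ncolor = {colour}\n")
    return "\n".join(blocks)


# Constructed sample inventory; account IDs and role names are placeholders.
SAMPLE_ROLES = [
    ("ProjectA-Dev", "arn:aws:iam::111111111111:role/Developer", "Dev"),
    ("ProjectA-UAT", "arn:aws:iam::222222222222:role/Developer", "UAT"),
    ("ProjectA-Prod", "arn:aws:iam::333333333333:role/ReadOnly", "Prod"),
]

if __name__ == "__main__":
    # Paste the printed text into the extension's configuration window.
    print(build_config(SAMPLE_ROLES))
```

Keeping the inventory in version control and regenerating the text gives every team member the same titles and the same colour for each environment.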

Note: No AWS credentials are saved in this extension, making it acceptable to use in enterprise environments.

CONCLUSION

In this post, I have shown how to overcome the five-role limit of the AWS console using this useful browser extension. This tool has helped me navigate the various IAM roles across the many AWS accounts I use in projects here at Cevo.