DEV Community

Cover image for SIMPLIFY ACCESS: A STEP-BY-STEP GUIDE TO USING MULTIPLE AWS ACCOUNTS
3

SIMPLIFY ACCESS: A STEP-BY-STEP GUIDE TO USING MULTIPLE AWS ACCOUNTS

On January 16, AWS made a game-changing announcement: native support for signing into multiple AWS accounts simultaneously. Previously, trying to log in to another account in a new tab would log you out of the first. This was a pain point for many of us juggling multiple AWS environments. Workarounds like Chrome profiles or the Firefox Multi-Account Containers plugin helped, but they had limitations.

In this blog, I’ll guide you through AWS’ new multi-session support, explore how Firefox Containers work, and share my thoughts on which solution works best.

AWS MULTI-SESSION SUPPORT

If you’re using a single AWS account for all your workloads, it’s time to rethink your approach! Managing multiple accounts is critical for security and organisation. Splitting environments (Dev, Test, Prod) into separate accounts reduces your blast radius—meaning if one account is compromised, the others remain safe. Now that you have a nice multi-account environment, how do you compare things between accounts or environments? Is something in Dev not talking to a bucket in Shared Services? How can you open the console in both accounts?

AWS now offers a native option to open multiple accounts. This works with AWS Identity Centre-configured roles, IAM User access, and cross-account roles. It is both simple and initially confusing.

When you log in to an account, you will be given an option to turn on multi-session support. This is something within your browser and doesn’t directly impact the AWS account you are connecting to. As such, it doesn’t matter what IAM permissions you have.

To enable this feature, go to the account dropdown and click the button to “Turn on multi-session support.”

Turn on multi-session support button

Ensure you have pop-ups enabled because after clicking the button, you’ll get a pop-up with more information on what AWS multi-session support does and a final confirmation button.

multi-session pop up window

After this, you now see a button to “Add session”.

Add session screen

Here’s where it might get confusing: when you click “Add session,” AWS directs you to the IAM user login screen.

IAM sign in screen

If you’re using AWS Identity Center (formerly AWS SSO), don’t worry—you don’t need to use the “Add session” button. Connect to your next account as you usually would, and AWS will populate the session list automatically.

Screenshot showing an active session

You keep connecting to accounts, and the active session list will keep getting populated.

Screenshot showing multiple sessions

Well, that is until you hit the five active session limit.

The session limit window

Similar to when you used to populate “Switch Role”, there is a limit to the number of sessions you can have. You also can’t opt out of removing a session once you hit the limit. That is a bit of an annoyance, but this is the early days for the feature, so AWS may do something about it.

HOW DO YOU SWAP SESSIONS?

Swapping sessions is straightforward. You go to the Account dropdown in the top right and choose one of the active sessions listed. AWS will then open a new tab with you logged into the AWS console for that account with the specified role. Simple!

There is no visual indicator for the different accounts, though. You need to look in the top right corner to see what account and role you are logged in to.

AWS user info

HOW DO YOU LOG IN TO A ROLE?

Cross-account roles are also supported in the new session window. If you click the dropdown on the “Add session” button, you can see any previously configured cross-account roles or add a new one.

Screenshot showing the switch role

Adding a new role is the same as always; you specify the account you want to connect to, the role to assume, and an optional name and colour. If you have an existing role, you can select it. Either option will open a new tab for you. That role will now show in the active sessions window.

Screenshot showing a role in the account list

FIREFOX MULT-ACCOUNT CONTAINERS

Firefox Multi-Account Containers is an extension designed to isolate browser activity across tabs. Each container acts as its own environment, meaning you can log in to different AWS accounts without interference. A container can have multiple associated tabs. Let me show you how to set it up and why it’s my go-to solution.

Start by installing the extension. Click the extensions icon in your toolbar or search for “Firefox Multi-Account Containers” in the Firefox Add-ons store. There are multiple container extensions, so make sure to choose the official version authored by Firefox.

Screenshot showing how to access firefox extensions

When enabled, it comes with some pre-configured containers. You can delete or rename them as you desire.

Firefox containers screen1

To edit, delete, or reorder, select the Manage Containers button.
In the following window, the “hamburgers” allow you to reorder the containers. You can also click on a container name to modify or delete a container (not shown).

Containers manage screen

Creating a new container is as simple as giving it a name, choosing a colour, and selecting an icon. There aren’t a lot of options. This is a fairly simple extension, but it does what we need.

New container screen

The color-coded borders and icons make it easy to identify which account or environment each tab belongs to. For instance, you can set “Prod” to red and “Dev” to green for quick visual differentiation.

Color coded browser tabs

WHICH IS BEST?

So, which option is right for you? It depends on your needs.
For occasional multi-session access: AWS’ built-in support is simple to configure and works seamlessly within your preferred browser.
For heavy multi-account users: Firefox Multi-Account Containers is a powerful tool, especially if you manage accounts for multiple customers.

For me, working at a consultancy, I deal with multiple customers. Having the Firefox Mult-Account Containers is a godsend. I often connect to multiple AWS accounts, and the coloured tabs help me track who I’m connected to. I will likely make use of the AWS multi-session feature, though. Apart from containers for each customer, I also have a “Misc” container. I use that when I want multiple accounts open for one customer. Using a mix of Firefox Multi-Account Containers, and AWS multi-session support will give me the best of both worlds.

WRAP UP

The new AWS multi-session feature is a fantastic first step, and I’m sure it will improve over time. Meanwhile, Firefox Multi-Account Containers continues to be my go-to for more complex workflows. Try them out and see what works best for your needs. Let me know in the comments how you manage multiple AWS accounts!

Reinvent your career. Join DEV.

It takes one minute and is worth it for your career.

Get started

Top comments (0)

Best Practices for Running  Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK cover image

Best Practices for Running Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK

This post discusses the process of migrating a growing WordPress eShop business to AWS using AWS CDK for an easily scalable, high availability architecture. The detailed structure encompasses several pillars: Compute, Storage, Database, Cache, CDN, DNS, Security, and Backup.

Read full post

👋 Kindness is contagious

Immerse yourself in a wealth of knowledge with this piece, supported by the inclusive DEV Community—every developer, no matter where they are in their journey, is invited to contribute to our collective wisdom.

A simple “thank you” goes a long way—express your gratitude below in the comments!

Gathering insights enriches our journey on DEV and fortifies our community ties. Did you find this article valuable? Taking a moment to thank the author can have a significant impact.

Okay