On January 16, AWS made a game-changing announcement: native support for signing into multiple AWS accounts simultaneously. Previously, trying to log in to another account in a new tab would log you out of the first. This was a pain point for many of us juggling multiple AWS environments. Workarounds like Chrome profiles or the Firefox Multi-Account Containers plugin helped, but they had limitations.
In this blog, I’ll guide you through AWS’ new multi-session support, explore how Firefox Containers work, and share my thoughts on which solution works best.
AWS MULTI-SESSION SUPPORT
If you’re using a single AWS account for all your workloads, it’s time to rethink your approach! Managing multiple accounts is critical for security and organisation. Splitting environments (Dev, Test, Prod) into separate accounts reduces your blast radius—meaning if one account is compromised, the others remain safe. Now that you have a nice multi-account environment, how do you compare things between accounts or environments? Is something in Dev not talking to a bucket in Shared Services? How can you open the console in both accounts?
AWS now offers a native option to open multiple accounts. This works with AWS Identity Centre-configured roles, IAM User access, and cross-account roles. It is both simple and initially confusing.
When you log in to an account, you will be given an option to turn on multi-session support. This is something within your browser and doesn’t directly impact the AWS account you are connecting to. As such, it doesn’t matter what IAM permissions you have.
To enable this feature, go to the account dropdown and click the button to “Turn on multi-session support.”
Ensure you have pop-ups enabled because after clicking the button, you’ll get a pop-up with more information on what AWS multi-session support does and a final confirmation button.
After this, you now see a button to “Add session”.
Here’s where it might get confusing: when you click “Add session,” AWS directs you to the IAM user login screen.
If you’re using AWS Identity Center (formerly AWS SSO), don’t worry—you don’t need to use the “Add session” button. Connect to your next account as you usually would, and AWS will populate the session list automatically.
You keep connecting to accounts, and the active session list will keep getting populated.
Well, that is until you hit the five active session limit.
Similar to when you used to populate “Switch Role”, there is a limit to the number of sessions you can have. You also can’t opt out of removing a session once you hit the limit. That is a bit of an annoyance, but this is the early days for the feature, so AWS may do something about it.
HOW DO YOU SWAP SESSIONS?
Swapping sessions is straightforward. You go to the Account dropdown in the top right and choose one of the active sessions listed. AWS will then open a new tab with you logged into the AWS console for that account with the specified role. Simple!
There is no visual indicator for the different accounts, though. You need to look in the top right corner to see what account and role you are logged in to.
HOW DO YOU LOG IN TO A ROLE?
Cross-account roles are also supported in the new session window. If you click the dropdown on the “Add session” button, you can see any previously configured cross-account roles or add a new one.
Adding a new role is the same as always; you specify the account you want to connect to, the role to assume, and an optional name and colour. If you have an existing role, you can select it. Either option will open a new tab for you. That role will now show in the active sessions window.
FIREFOX MULT-ACCOUNT CONTAINERS
Firefox Multi-Account Containers is an extension designed to isolate browser activity across tabs. Each container acts as its own environment, meaning you can log in to different AWS accounts without interference. A container can have multiple associated tabs. Let me show you how to set it up and why it’s my go-to solution.
Start by installing the extension. Click the extensions icon in your toolbar or search for “Firefox Multi-Account Containers” in the Firefox Add-ons store. There are multiple container extensions, so make sure to choose the official version authored by Firefox.
When enabled, it comes with some pre-configured containers. You can delete or rename them as you desire.
To edit, delete, or reorder, select the Manage Containers button.
In the following window, the “hamburgers” allow you to reorder the containers. You can also click on a container name to modify or delete a container (not shown).
Creating a new container is as simple as giving it a name, choosing a colour, and selecting an icon. There aren’t a lot of options. This is a fairly simple extension, but it does what we need.
The color-coded borders and icons make it easy to identify which account or environment each tab belongs to. For instance, you can set “Prod” to red and “Dev” to green for quick visual differentiation.
WHICH IS BEST?
So, which option is right for you? It depends on your needs.
• For occasional multi-session access: AWS’ built-in support is simple to configure and works seamlessly within your preferred browser.
• For heavy multi-account users: Firefox Multi-Account Containers is a powerful tool, especially if you manage accounts for multiple customers.
For me, working at a consultancy, I deal with multiple customers. Having the Firefox Mult-Account Containers is a godsend. I often connect to multiple AWS accounts, and the coloured tabs help me track who I’m connected to. I will likely make use of the AWS multi-session feature, though. Apart from containers for each customer, I also have a “Misc” container. I use that when I want multiple accounts open for one customer. Using a mix of Firefox Multi-Account Containers, and AWS multi-session support will give me the best of both worlds.
WRAP UP
The new AWS multi-session feature is a fantastic first step, and I’m sure it will improve over time. Meanwhile, Firefox Multi-Account Containers continues to be my go-to for more complex workflows. Try them out and see what works best for your needs. Let me know in the comments how you manage multiple AWS accounts!
Top comments (0)