Skip to content

Instantly share code, notes, and snippets.

@josh-padnick

josh-padnick/README.md

Last active March 16, 2024 15:19
Show Gist options
  • Star 17 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save josh-padnick/037b78fa61414ddcc86e3cbdaf643a8a to your computer and use it in GitHub Desktop.
Save josh-padnick/037b78fa61414ddcc86e3cbdaf643a8a to your computer and use it in GitHub Desktop.
Download ZIP
Manually Edit AWS Console "Switch Role" Configuration in Bash
Raw
README.md

Manually Edit AWS Console "Switch Role" Configuration in Bash

Motivation

At Gruntwork, we work with multiple software teams. That means we have to modify the "Switch Role" history multiple times. But the only way to do that today is to delete your cookie and clear all AWS Console saved settings. That got old after a while, so these instructions enable you to modify the "Switch Roles" configuration directly.

The Big Picture

AWS stores "Switch Role" values in the noflush_awsc-roleInfo property of the cookie associated with the AWS Console. That values we need to modify are JSON objects that are URI encoded. Our approach will be to simply get the value from the cookie, decode it, edit it, re-encode it, and put it back into the cookie.

Prerequisites

  1. Make sure NodeJS is installed.
  2. Make sure jq is installed.
  3. These intructions assume the Google Chrome web browser.

Environment Setup

In your terminal, add the following bash aliases:

alias urlencode_js='node -e "console.log(encodeURIComponent(process.argv[1]))"'
alias urldecode_js='node -e "console.log(decodeURIComponent(process.argv[1]))"'

Instructions

  1. Using Google Chrome Dev Tools, visit the AWS console, copy the cookie value for the property noflush_awsc-roleInfo.

  2. Run the following in your terminal to get the JSON object:

     urldecode_js "<cookie-value>" | jq

  3. Make edits as desired in a separate text editor to get your updated JSON value.

  4. Re-encode it. We use -c to strip all whitespace.

    urlencode_js $(echo '<new-json-value>' | jq -c)

  5. Use Chrome Dev Tools to write that value back into the noflush_awsc-roleInfo property of the Cookie.

Open Issue

For some reason, pasting this value into the cookie doesn't work, and I have to move on from this 10-minute side project, but I'm guessing I'm one tweak away from having these instructions correct.

Alternatives

There's also an AWS Role Editor, though I'm personally paranoid about all Chrome extensions so I feel more comfortable doing these manual steps on my own.

@rswift
Copy link

rswift commented Mar 21, 2020

👍
nice one - thanks

@mccarthyp-snet
Copy link

i got this to work but it looks like it still only displays 5 roles in the Role History.

@sboardwell
Copy link

Worked great for me! 👍

@renatoasilva
Copy link

works like a charm. Thanks

@gab1one
Copy link

gab1one commented Jan 14, 2021

Awesome, thanks a lot 👍

@MaesterZ
Copy link

MaesterZ commented Sep 3, 2021

Also works with Firefox in the storage inspector (Shift+F9) Cookies section, filtering noflush_awsc-roleInfo and editing the value
https://developer.mozilla.org/en-US/docs/Tools/Storage_Inspector

@sboardwell
Copy link

Quick tip for those with more than 5 roles to manage and who don't want to install any plugin.

You can also use a static link to create a pre-filled "Switch Role" form which you can then apply. For example:

ACCT='123456789012'
ROLE='my-role'
NAME='My Role' # optional (defaults to "ROLE @ ACCT") 
COLOR='FBBF93' # optional (defaults to first)

open "https://signin.aws.amazon.com/switchrole?account=${ACCT}&roleName=${ROLE}&displayName=${NAME}&color=${COLOR}"

The possible values for the colors can be scraped from the website:

<div class="color-picker">
    <input id="color0" type="radio" value="F2B0A9" name="color" autocomplete="off" required="">
    <label for="color0" class="color-box">a</label>
    <input id="color1" type="radio" value="FBBF93" name="color" autocomplete="off">
    <label for="color1" class="color-box">a</label>
    <input id="color2" type="radio" value="FAD791" name="color" autocomplete="off">
    <label for="color2" class="color-box">a</label>
    <input id="color3" type="radio" value="B7CA9D" name="color" autocomplete="off">
    <label for="color3" class="color-box">a</label>
    <input id="color4" type="radio" value="99BCE3" name="color" autocomplete="off">
    <label for="color4" class="color-box">a</label>
    <input id="none" type="radio" value="" name="color">
    <label for="none" class="color-box">a</label>
</div>

@shihabno
Copy link

will you please elaborate more on "static link to create a pre-filled "Switch Role" form"?

@sboardwell
Copy link

@shihabno after authenticating initially with your main credentials, just build a URL as I've shown. Then you can either bookmark the URL, or have a script open a browser tab, e.g. open $URL or google-chrome $URL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment