/aws-go-console

A utility package to get short-term AWS console access for a custom identity broker entity.

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

aws-go-console

A helper package that provides a short-lived, scoped token/URL for the AWS console. It is based on the documentation provided by AWS.

Package console has the following use cases:

  • Give federated access to a user via AWS Management Console without an IAM User.
  • Allow users who sign in to your organization's network to securely access the AWS Management Console.

example

In the following example we get a sign-in URL with read-only access to Elastic Container Registry (ECR) via the AWS console:

// create an AWS session using one of the credential providers, e.g. environment variables
sess, _ := session.NewSession()

// create console and get a token with ECR read-only scope
con := console.New(sess)
token, _ := con.SignInTokenWithArn("example", "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly")

// create a url with ECR as destination which can be opened in browser directly
url, _ := token.SignInURL("https://console.aws.amazon.com/ecr")

Running the example looks as follows:

[Image: Console Example]
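The shape of the two federation URLs behind a sign-in token and sign-in URL, following the AWS custom identity broker documentation this package is based on. This is an added example, not code from the package: `tempCreds`, `signinTokenRequestURL` and `loginURL` are hypothetical names, the credential and token values are constructed, and the destination allow-list (commercial-partition console hosts over HTTPS) is an assumption of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Federation endpoint from AWS's custom identity broker documentation.
const federationEndpoint = "https://signin.aws.amazon.com/federation"

// tempCreds (hypothetical type) carries temporary STS credentials.
type tempCreds struct {
	ID    string `json:"sessionId"`
	Key   string `json:"sessionKey"`
	Token string `json:"sessionToken"`
}

// signinTokenRequestURL builds the getSigninToken request; the response holds the SigninToken.
func signinTokenRequestURL(c tempCreds) (string, error) {
	if c.ID == "" || c.Key == "" || c.Token == "" {
		return "", fmt.Errorf("incomplete temporary credentials")
	}
	b, _ := json.Marshal(c) // cannot fail for a struct of plain strings
	q := url.Values{"Action": {"getSigninToken"}, "Session": {string(b)}}
	return federationEndpoint + "?" + q.Encode(), nil
}

// loginURL builds the browser URL. Assumption: only HTTPS console hosts in the commercial partition are accepted.
func loginURL(signinToken, issuer, destination string) (string, error) {
	d, err := url.Parse(destination)
	if err != nil {
		return "", err
	}
	h := d.Hostname()
	if d.Scheme != "https" || (h != "console.aws.amazon.com" && !strings.HasSuffix(h, ".console.aws.amazon.com")) {
		return "", fmt.Errorf("destination %q is not an AWS console URL", destination)
	}
	q := url.Values{"Action": {"login"}, "Issuer": {issuer}, "Destination": {destination}, "SigninToken": {signinToken}}
	return federationEndpoint + "?" + q.Encode(), nil
}

func main() {
	// Constructed sample values, not real credentials or tokens.
	fmt.Println(signinTokenRequestURL(tempCreds{"ASIAEXAMPLE", "secret", "token"}))
	fmt.Println(loginURL("TOKEN123", "example", "https://console.aws.amazon.com/ecr"))
}
```

The resulting login URL authenticates whoever opens it, so handle it like a credential: keep it out of logs, tickets and chat history.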