Ivan Tomica

AWS Vault login on Windows

I’ve since evolved this script a bit and have published it on GitHub: https://github.com/ivantomica/AWSVault

To log in to AWS I prefer to use a small function which calls the aws-vault utility, gets the login URL for a specific AWS account, and then opens that account in its own container tab in Firefox.

The reason for this is that my natural habitat is the terminal, or a textual interface in general, so invoking things from there instead of doing 20 clicks through an interface somehow feels better to me.

To achieve the behavior noted above I am using the Open URL in container Firefox extension, which registers a handler for the ext+container URL prefix, and sending some arguments to that extension for further processing.

Anyhow, I had this simple Bash function, which I stole somewhere, that helped me do the right thing on Linux:

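# define aws-vault login alias and autocomplete profiles
function avl() {
  # keep the variables (one of them holds a sign-in URL) out of the calling shell
  local FIREFOX="/usr/bin/firefox"
  local LOGIN_URL ENCODED_URL URI_HANDLER
  # --stdout prints the login URL instead of opening the default browser
  LOGIN_URL=$(aws-vault login --stdout "${1}")
  # on failure show whatever aws-vault printed and stop
  [[ $? != 0 ]] && echo "${LOGIN_URL}" && return
  # escape & so the login URL's own parameters stay inside url=
  ENCODED_URL="${LOGIN_URL//&/%26}"
  URI_HANDLER="ext+container:name=${1}&url=${ENCODED_URL}"
  "${FIREFOX}" "${URI_HANDLER}"
}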

That worked perfectly. But as I have recently started playing around with Windows (will perhaps write an article on that someday), I wanted to have the same functionality within PowerShell. So here’s my PowerShell version of the script above:

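function avl([parameter(Mandatory=$true)][string]$profile_name) {

    # --stdout prints the login URL instead of opening the default browser
    $aws_vault_login_stdout = (aws-vault login --stdout $profile_name)
    # Stop if aws-vault failed; there is no URL to open in that case
    if ($LASTEXITCODE -ne 0) { Write-Output $aws_vault_login_stdout; return }
    # Escape & so the login URL's own parameters stay inside url=
    $aws_vault_login_url = $aws_vault_login_stdout.replace("&", "%26")

    & "C:\Program Files\Mozilla Firefox\firefox.exe" "ext+container:name=$profile_name&url=$aws_vault_login_url"
}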

I have the following assumptions, as you can see:

  • The Firefox executable is C:\Program Files\Mozilla Firefox\firefox.exe
  • The aws-vault utility is installed and added to your PATH (I have it in C:\Program Files\Custom programs\ which I have added to my PATH)

If you fail to provide an argument to the script, it will ask you for $profile_name, which is the value of both your profile name in aws-vault and the name of the Firefox container (just my use-case).

Finally, to install this damn thing you have to save it in a file named something like avl.psm1 inside a folder with the same name (avl). Then that folder has to be copied to your PowerShell module load path (C:\Program Files\WindowsPowerShell\Modules\ or any other path in your load path $env:PSModulePath).
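
Both functions above escape only & in the login URL and pass the profile name through as-is. The following added example (not code from this post or from the AWSVault repository) percent-encodes the whole url value and the container name, and refuses to build a URI when aws-vault returned something other than an https URL. It assumes the extension percent-decodes its parameters, as the %26 replacement implies; urlencode, container_uri and the sample URL are constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names and the sample URL are constructed, not from the post.

# Percent-encode every byte outside the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~).
urlencode() {
    # od prints each byte as two lowercase hex digits; tr puts one byte per line
    printf '%s' "$1" | od -An -v -tx1 | tr -s ' ' '\n' | while read -r hex; do
        [ -n "$hex" ] || continue
        case "$hex" in
            3[0-9]|4[1-9abcdef]|5[0-9a]|6[1-9abcdef]|7[0-9a]|2d|2e|5f|7e)
                # unreserved byte: emit it unchanged via an octal escape
                printf "\\$(printf '%03o' "0x$hex")" ;;
            *)
                printf '%%%s' "$hex" | tr 'abcdef' 'ABCDEF' ;;
        esac
    done
}

# Build the ext+container URI for a profile/container name and a login URL.
# Fails without printing a URI when aws-vault did not hand back an https URL.
container_uri() {
    cu_profile=$1
    cu_url=$2
    [ -n "$cu_profile" ] || { echo "missing profile name" >&2; return 1; }
    case "$cu_url" in
        https://*) ;;
        *) echo "aws-vault did not return a login URL" >&2; return 1 ;;
    esac
    printf 'ext+container:name=%s&url=%s\n' \
        "$(urlencode "$cu_profile")" "$(urlencode "$cu_url")"
}

# Constructed sample shaped like a federation login URL; the token is a placeholder.
SAMPLE_URL='https://signin.aws.amazon.com/federation?Action=login&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F&SigninToken=PLACEHOLDER'
container_uri "dev account" "$SAMPLE_URL"
```

In avl, the string returned by container_uri takes the place of the hand-built URI_HANDLER value passed to Firefox.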

2 Comments

  1. Hrvoje Matić

    2020-09-11 - 16:47
    Isn’t this supported by aws-vault now?
    “aws-vault login profilename”

    • Ivan Tomica

      2020-10-09 - 15:42
      That has always been the case, but the issue here is that this opens up in default profile, outside of the container. Combination of mentioned extension and simple function noted above, helps you open up specific AWS profile in specific Firefox container :-)
