The Akeyless Dev Hub

If you're looking for help with the only zero-trust, SaaS, unified platform for secrets management - you've come to the right place.

This is our documentation and updates center.

Documentation

AWS Console Access

Secure remote access to the AWS Console

You can enable secure remote access to AWS on the dynamic secret that generates ephemeral credentials for AWS. Users can then access AWS from the Secure Remote Access Portal, either over the web or using the native AWS CLI.

👍

Tip

Use Akeyless Connect command to access the AWS Console from any UNIX terminal.

Prerequisites

To enable secure remote access to AWS you need:

In addition, for users to access the AWS Console using CLI, you need:

Set Up Remote Access to the AWS Console from the Akeyless CLI

Let's set up remote access to the AWS Console using the Akeyless CLI. If you’d prefer, see how to do this from the Akeyless Console instead.

  1. Run the update-item command to define the following fields on the dynamic secret that specifies the AWS details and access credentials:
$ akeyless update-item --name <dynamic secret name> /
--secure-access-enable true /
--secure-access-aws-account-id <aws-account-id> /
--secure-access-aws-region <aws-region> /
--secure-access-aws-native-cli [true/false]  /
--secure-access-bastion-issuer </Path/to/SSH/Cert/Issuer>

where:

  • secure-access-aws-account-id: The AWS account ID, as defined in the dynamic secret.
  • *secure-access-aws-region:** Optional, only required to enable CLI access. the AWS region the user is permitted to access.
  • secure-access-aws-native-cli: Optional, specifies to use the native AWS CLI wrapper.
  • secure-access-bastion-issuer: Optional, only required to enable CLI access. The path to the SSH certificate issuer that should be used for certificate authentication.

Set Up Remote Access to the AWS Console from the Akeyless Console

Let's set up remote access to the AWS Console from the Akeyless Console. If you'd prefer, see how to do this from the Akeyless CLI instead.

  1. Log in to the Akeyless Console and go to Secrets & Keys.

  2. Select the dynamic secret that specifies the AWS details and access credentials.

  3. Expend the Secure Remote Access menu, select the pencil icon and enable the Secure Remote Access ,then fill the following fields:

  • AWS Accound ID : The AWS account ID, as defined in the dynamic secret.

For Web Access:

  • Secure Web Browsing: Optional, secure web browsing over isolated web browser available only with Web Access Bastion.

For CLI Access:

  • Default Region: Optional, only required to enable CLI access, the AWS region the user is permitted to access.
  • bastion-issuer: Optional, only required to enable CLI access. The path to the SSH certificate issuer that should be used for certificate authentication.
  • AWS Native CLI: Optional, specifies to use the native AWS CLI wrapper.
  1. To the right of the Enable Secure Remote Access field, select the tick mark icon to save your changes.

Access the AWS Console over the Web from the Secure Remote Access Portal

  1. Log in to the Secure Remote Access Portal and select AWS Console.

  2. Select the required target, then select Web.
    A new tab opens to the AWS Console sign-in page, and Akeyless injects the credentials generated by the dynamic secret for the temporary user.

📘

The temporary user is created when you request access to the AWS Console. As this may take a few seconds, please wait a few seconds for the credentials to be injected before you try sign in.

Access the AWS Console Using CLI from the Secure Remote Access Portal

  1. Log in to the Secure Remote Access Portal and select AWS Console.

  2. Select the required target, then select CLI.
    A new tab opens, showing that you are connected to the AWS Console.

Access the AWS Console using Akeyless connect command

Akeyless Connect command enables application native CLI access:

akeyless connect -c my-ssh-cert-issuer -v <via-bastion>:<port> -n "/path/to/AWS-dynamic-secret"

Updated about a month ago

AWS Console Access


Secure remote access to the AWS Console

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.