Skip to content

Instantly share code, notes, and snippets.

@bhavanki

bhavanki/aws-console

Last active March 28, 2025 19:59
Show Gist options
  • Save bhavanki/0af4e77f786d37183bb6219206221473 to your computer and use it in GitHub Desktop.
Save bhavanki/0af4e77f786d37183bb6219206221473 to your computer and use it in GitHub Desktop.
Download ZIP
A bash script to pop open the AWS console after establishing credentials in the environment
Raw
aws-console
#!/usr/bin/env bash
set -e
# references:
# https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
# https://rodelllemit.medium.com/aws-pentesting-abusing-sts-sts-getfederationtoken-permission-68579c6b9a96
# https://github.com/b-b3rn4rd/awscli-console-plugin/blob/master/console.go
# https://stackoverflow.com/questions/71758013
#federation_payload="{\"sessionId\":\""${AWS_ACCESS_KEY_ID}"\",\"sessionKey\":\""${AWS_SECRET_ACCESS_KEY}"\",\"sessionToken\":\""${AWS_SESSION_TOKEN}"\"}"
federation_payload=$(echo -n "{\"sessionId\":\"$AWS_ACCESS_KEY_ID\",\"sessionKey\":\"$AWS_SECRET_ACCESS_KEY\",\"sessionToken\":\"$AWS_SESSION_TOKEN\"}")
federation_url="https://signin.aws.amazon.com/federation"
# that's Lieutenant Commander Data to you
federation_data=(
"--data-urlencode" "Action=getSigninToken"
"--data-urlencode" "SessionDuration=43200"
"--data-urlencode" "Session=${federation_payload}"
)
federation_response=$(curl -s --get "${federation_data[@]}" "$federation_url")
signin_token=$(jq -r '.SigninToken' <<< "$federation_response")
login_url="${federation_url}?Action=login&Issuer=aws-console&Destination=https%3a%2f%2fconsole.aws.amazon.com%2f&SigninToken=${signin_token}"
open "$login_url"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment