@trackzero
Last active October 27, 2017 23:33
PowerShell script to generate a presigned URL for console login, using long-term credentials instead of a password.
#Requires -Modules AWSPowerShell
# TODO: iterate profiles with Get-AWSCredential -ListProfileDetail and allow selection at runtime; set up multiple policies.
# Use:
#   ConsoleGenerator.ps1
# Description: Generate presigned URL for AWS console login.
# Supported parameters:
#   -profile <profileID>   # ID from your .aws/config file
#   -label <label>         # role descriptor to show in the console
# by https://github.com/trackzero
# You'll need a default profile in %userprofile%\.aws\config
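Param(
    $profile = 'default',
    $label = 'admin'
)
# Change policy to adjust permissions on the fly.
# This session policy is intersected with the IAM user's own policies, so
# "*" passes everything the user is allowed to do through to the console session.
$policy = '{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}'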
Set-AWSCredential -ProfileName $profile
# Request federated-user credentials; 43200 seconds = 12 hours.
$session = Get-STSFederationToken -Name "$label-$profile" -Policy $policy -DurationInSeconds 43200
# Session document in the shape the federation endpoint expects.
$session_json = @{
    sessionId    = $session.Credentials.AccessKeyId
    sessionKey   = $session.Credentials.SecretAccessKey
    sessionToken = $session.Credentials.SessionToken
} | ConvertTo-Json -Compress
$signin_url = "https://signin.aws.amazon.com/federation"
$console_url = "https://console.aws.amazon.com/"
$session_json=[uri]::EscapeDataString($session_json)
$get_signin_token_url = $signin_url + "?Action=getSigninToken" + "&SessionType=json&Session=" + $session_json
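# -UseBasicParsing avoids the Internet Explorer dependency in Windows PowerShell.
$returned_content = Invoke-WebRequest -Uri $get_signin_token_url -UseBasicParsing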
$signin_token=$returned_content.Content|ConvertFrom-Json
$signin_token=$signin_token.SigninToken
$signin_token=[uri]::EscapeDataString($signin_token)
$console_url=[uri]::EscapeDataString($console_url)
$login_url=$signin_url + "?Action=login" + "&SigninToken=" + $signin_token + "&Destination=" + $console_url
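# The login URL is a bearer credential: anyone who obtains it can open the
# console session until the sign-in token expires, and it stays on the clipboard.
Set-Clipboard $login_url
Start-Process $login_url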