Managing multiple AWS accounts and switching roles can become challenging, especially in enterprise environments with complex access control requirements. Enter ‘awsume’, a lightweight command-line utility that simplifies AWS account navigation, making it easier to assume roles and manage multiple AWS sessions efficiently. In this guide, we will explore how to set up and leverage awsume for seamless multi-account management, covering everything from installation to advanced features.

Introduction to ‘awsume’: Simplifying AWS Account Navigation

AWS organizations often employ multiple accounts for security, isolation, or billing purposes. While AWS CLI provides the means to assume roles across accounts, managing these roles manually can quickly become cumbersome. ‘awsume’ streamlines this process by caching session tokens, simplifying role assumptions, and allowing users to switch between accounts effortlessly.

With awsume, you no longer need to export environment variables or deal with expiring session tokens manually. It handles the heavy lifting of assuming roles, updating session tokens, and managing profile switching, making your AWS workflow much smoother.

Getting Started with ‘awsume’: Installation and Configuration

Setting up awsume is simple. Follow these steps to get started:

  1. Install awsume: First, ensure you have Python 3 installed, then install awsume via pip:
    pip install awsume
  2. Configure AWS CLI: Ensure your AWS credentials are set up in ~/.aws/credentials and roles defined in ~/.aws/config. Your profiles should be structured like this:
    [profile admin-account]
    role_arn = arn:aws:iam::123456789012:role/AdminRole
    source_profile = default
  3. Run awsume: You can assume roles or switch between accounts by running:
    awsume admin-account

This command will assume the role associated with the admin-account profile and export the necessary environment variables for you.

Effortless Role Assumption: Switching Between AWS Accounts and Roles

One of awsume’s most valuable features is the ability to seamlessly switch between multiple AWS accounts and roles. Using the profiles configured in your ~/.aws/config file, awsume makes it easy to jump between environments without needing to re-authenticate.

When working in an environment with multiple AWS accounts, such as development, staging, and production, awsume helps reduce the risk of human error by managing your session credentials for you. With a single command, you can move between accounts and ensure you always operate in the correct environment.

Advanced ‘awsume’ Features: Role Chaining and Custom Plugins

Awsume is more than just a simple session management tool. It supports role chaining, allowing you to assume a role in one account based on another role in a different account. This is especially useful in large organizations with complex role hierarchies.
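To make role chaining concrete, the following added example (not part of the original article or of awsume itself) resolves the source_profile chain behind a profile in ~/.aws/config and flags two things worth reviewing: chains where no role sets mfa_serial, and chained roles, whose sessions AWS caps at one hour. Every profile except admin-account, all account IDs, and the function names are constructed for illustration.

```python
import configparser

# Constructed sample ~/.aws/config; account IDs and names are made up.
SAMPLE_CONFIG = """
[default]
[profile admin-account]
role_arn = arn:aws:iam::123456789012:role/AdminRole
source_profile = default
mfa_serial = arn:aws:iam::111111111111:mfa/alice
[profile prod-deploy]
role_arn = arn:aws:iam::210987654321:role/DeployRole
source_profile = admin-account
[profile dev-readonly]
role_arn = arn:aws:iam::222222222222:role/ReadOnly
source_profile = default
[profile loop]
role_arn = arn:aws:iam::333333333333:role/Loop
source_profile = loop
"""

def load_profiles(text):
    """Parse AWS config text into {profile_name: {key: value}}."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    # Sections are named "profile <name>", except the bare "default".
    return {s.split(" ", 1)[-1]: dict(parser[s]) for s in parser.sections()}

def resolve_chain(profiles, name):
    """Return profile names from base credentials to `name`, in assume order."""
    chain = []
    while name is not None:
        if name in chain:
            raise ValueError(f"source_profile cycle at {name!r}")
        if name not in profiles:
            raise KeyError(f"profile {name!r} is not defined")
        chain.append(name)
        name = profiles[name].get("source_profile")
    return chain[::-1]

def audit(profiles, name):
    """Return review findings for the chain that ends at `name`."""
    chain = resolve_chain(profiles, name)
    roles = [p for p in chain if "role_arn" in profiles[p]]
    findings = []
    if not any("mfa_serial" in profiles[p] for p in roles):
        findings.append("no role in the chain sets mfa_serial")
    if len(roles) > 1:
        findings.append("role chaining: session capped at one hour")
    return findings
```

Note that mfa_serial only tells the client to supply an MFA code; whether MFA is actually required is decided by the role's trust policy.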

For even more customization, awsume supports plugins that extend its functionality. For example, you can write custom plugins to perform additional actions after assuming a role, such as logging activity, updating a dashboard, or alerting team members.

To create a custom plugin, write a Python function and place it in the ~/.awsume/plugins/ directory. The flexibility of awsume plugins allows for deeper integration with your organization’s specific needs.

Integrating ‘awsume’ in Python: Managing AWS Sessions Programmatically

If you’re developing Python applications or automation scripts that interact with AWS, awsume can help manage AWS credentials programmatically. You can easily integrate awsume into your Python projects to assume roles and manage session tokens within your code.

Here’s an example of how to integrate awsume into a Python script:

    # awsume's library entry point; it returns a boto3 session
    from awsume.awsumepy import awsume

    profile = 'admin-account'

    # Resolves the profile (assuming the role if needed) and returns a
    # boto3.Session that already carries the temporary credentials
    session = awsume(profile)

    # Use the session to interact with AWS through the SDK (boto3)
    sts = session.client('sts')
    print(sts.get_caller_identity()['Arn'])

This enables you to manage AWS sessions dynamically and securely, especially when dealing with multiple accounts and roles within automation workflows.

The Power of ‘awsume’: Enhanced Security and Efficiency

Security is a primary concern when managing multiple AWS accounts. Awsume enhances security by caching session tokens locally, reducing the risk of exposing long-lived credentials. The session tokens expire automatically, ensuring that your credentials are always rotated and up-to-date.

Additionally, awsume improves efficiency by allowing users to assume roles without having to constantly authenticate or manually export environment variables. This is particularly useful for teams that need to switch between accounts frequently or handle multiple environments.

Conclusion: Streamlining Your AWS Experience with ‘awsume’

Whether you’re managing a few AWS accounts or hundreds, awsume offers a streamlined, secure, and efficient way to handle multiple roles and sessions. From basic account switching to advanced role chaining and custom plugins, awsume empowers AWS users to optimize their workflows and reduce the friction of multi-account management.

With awsume, AWS account navigation becomes faster, safer, and more scalable, allowing you to focus on building and deploying in the cloud with confidence.
