How to Efficiently Handle Several AWS Accounts: 6 Proven Methods
I'm a curious Geek with an insatiable thirst to learn new technologies and enjoy the process every day. I aim to deliver high-quality services with the highest standards and cutting-edge DevOps technologies to make people's lives easier.
Introduction
As cloud practitioners, we follow best practices and use multi-account environments. This frequently led to situations where we were cross-referencing resources or viewing logs across multiple accounts. When using the AWS console this becomes quite painful as only one account and region is accessible at a time per browser.
Yes, one way to solve this is to simply stop using the console and develop your own abstractions and visualisation layer on top of AWS’s APIs. However, the native console can be a useful tool for viewing your cloud resources as it provides a user-friendly interface with real-time data, built-in visualizations, and quick access to service-specific dashboards. The AWS console enables intuitive navigation, reducing the need for CLI commands or API calls for simple tasks. It also offers service-specific features like CloudWatch dashboards, cost breakdowns in AWS Billing, and graphical representations of networking components such as VPCs.
TL;DR
Managing multiple AWS accounts efficiently requires selecting the right tool based on workflow preferences and security requirements. Here is an overview of each tool in this post:
CloudGlance is ideal for those who need a GUI-based solution to manage multiple AWS accounts, organize credentials, and simplify SSH and port forwarding. It supports Firefox Containers for multi-session access and provides Git integration for team collaboration. This makes it particularly useful for DevOps engineers and teams managing complex AWS environments.
Granted is a CLI-first tool that optimizes role-switching while keeping credentials encrypted. It is designed for users who prefer a fast, terminal-based approach to access multiple AWS accounts securely. While it lacks a GUI and SSH support, it excels in secure authentication and speed.
Firefox Extensions like Multi-Account Containers offer a lightweight and browser-based way to manage AWS sessions. These extensions help with isolating AWS accounts in different containers, making them a good quick solution for those who mainly work within the AWS Console. However, they lack advanced features like credential management/encryption, SSH, or team collaboration.
AWS Extend Switch Roles is a browser extension for Chrome and Firefox that enhances AWS’s native role-switching experience. It provides a quick and convenient way to switch between IAM roles inside the AWS Console without needing to re-enter credentials. However, it does not offer multi-session support like CloudGlance or AWS's built-in solution, nor does it handle SSH or team collaboration.
AWS Built-in Multi-Account Manager, introduced in January 2025, provides a seamless multi-session experience directly within the AWS Console. It allows up to five concurrent sessions across different AWS accounts, eliminating the need for third-party tools for basic account switching. However, it does not support SSH, port forwarding, or external credential management.
Cloud Glance — GUI-Based AWS Account Manager
Intro
Managing multiple AWS accounts across different clients can be a daunting task, especially when switching between environments, accessing private networks, and troubleshooting infrastructure. CloudGlance is designed to simplify this process, providing a unified interface to streamline AWS account management and development workflows.
With CloudGlance, you can:
Group and visualize all your AWS accounts in a single, intuitive dashboard.
Easily access AWS Console links, making daily monitoring and troubleshooting more efficient.
Manage SSH connections by resolving port forwarding conflicts across multiple projects and clients.
For developers and DevOps engineers juggling several AWS accounts, CloudGlance eliminates the hassle of navigating through different environments. It provides quick access to CloudWatch Dashboards, service logs, and other AWS resources—all in one place.
Additionally, when working with SSH, managing VPNs or bastion hosts across multiple AWS environments can lead to port forwarding conflicts. CloudGlance offers visibility into local port usage and their respective forwarding destinations, preventing clashes and simplifying connectivity.
Currently free, CloudGlance may introduce premium options in the future. Stay tuned!
Features
CloudGlance manages your
~/.aws/credentialsso that you don't have to edit files manually. It's basically a GUI for your~/.awsfiles.Open multiple AWS consoles at the same time with Firefox Containers.
CloudGlance creates temporary credentials with STS from either your IAM Role, IAM User, IAM Federated login or AWS SSO as stored in your
~/.aws/credentials. MFA is supported.Export temporary STS credentials to your terminal or to another AWS profile.
Single-click navigation into your most loved AWS service console pages with the help of bookmarks.
Visualize & manage connections between bastions and available local ports used for port forwarding.
Both classic SSH(.pem) and AWS SSM are supported for port forwarding.
Built-in Git support to manage CloudGlance Profiles across your teams. Push, pull and merge JSON configuration profiles at the click of a button.
The option to encrypt sensitive information in your
~/.aws/credentialslike the aws_access_key_id and the aws_secret_access_key without breaking normal AWS CLI commands.The Cloud Glance CLI can communicate to the Cloud Glance GUI to obtain temporary credentials and prompt for any user input required, like MFA and SSO.
Installation
Before installing CloudGlance, ensure that you have AWS CLI Version 2 installed and properly configured on your system.
Download AWS CLI Version 2:
https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
Configuring AWS Accounts:
To improve account recognition within CloudGlance, you can assign meaningful names to your AWS accounts in your .aws configuration files. This makes it easier to distinguish between different environments.
Here’s an example of how to define multiple AWS accounts with custom names in your ~/.aws/config file:
Install Firefox and Required Extensions
To ensure CloudGlance works seamlessly, install Mozilla Firefox along with the necessary extensions:
Firefox Multi-Account Containers - Helps separate AWS accounts into different containers for better organization.
Open External Links in a Container – Ensures AWS console links open in the correct container.
Download CloudGlance
CloudGlance is available for Windows, macOS, and Linux.
Running CloudGlance on Linux
If you are using Linux, you may need to run the following commands to prevent errors:
chmod +x CloudGlance-0.0.131.AppImage
./CloudGlance-0.0.131.AppImage --no-sandbox
Configuration
In this demo, we will:
Create a profile in CloudGlance
Add two AWS IAM accounts to simplify access to their AWS Consoles with a single click
First, create a group:
You can create multiple groups in CloudGlance to better organize and manage your AWS accounts. For example, you might create separate groups for clients, projects, or environments (e.g., Development, Staging, Production).
Once your group is created, open it and start adding AWS IAM profiles. This allows you to quickly access different AWS accounts with a single click, improving efficiency when switching between environments.
Depending on your organization's setup, you need to select the appropriate profile type when adding AWS IAM accounts in CloudGlance. Below is a brief overview of each type:
1. IAM User – Role
Use Case: You have an existing IAM User who needs to assume an IAM Role (e.g.,
arn:aws:iam::123456789012:role/YourRoleName).Source Profile: Often requires specifying a “source” AWS profile (with user credentials) that can assume the target role.
Role ARN & External ID: You’ll provide the Role ARN and optionally an external ID if the role trust policy requires it.
STS Duration: Lets you set how long the temporary session is valid.
2. IAM User
Use Case: You have a standard IAM User with Access Key and Secret Key.
Direct Credentials: Stores (or references) those keys for direct usage without an intermediate role.
MFA Option: If your IAM policies require MFA, CloudGlance can prompt you for a code.
Federated Login: Typically can generate STS tokens to open the AWS Console or export environment variables.
3. SSO Profile
Use Case: When using AWS Single Sign-On (IAM Identity Center) to manage user credentials rather than an IAM user and password.
Browser-Based Flow: You typically authenticate in a browser with your SSO provider (Okta, Azure AD, etc.), and CloudGlance integrates with that.
Automatic Token Refresh: It retrieves short-lived credentials after you log in through SSO, often with MFA included in the SSO flow.
In this demo, I'll walk you through setting up two personal AWS accounts in CloudGlance using:
IAM User → Federated Login
The first account is called "shahin-new". Below is the configuration needed to add it to CloudGlance:
Now that we have defined our AWS profile in the ~/.aws/config file, let’s add it to CloudGlance for seamless access to the AWS Console.
Select "IAM User" – Choose the IAM User tab to configure access using AWS IAM credentials.
Select "Federated Login" – This allows login through AWS IAM credentials instead of CLI-only authentication.
Enter a Profile Name – This is the display name for the profile in CloudGlance. In this example, we use
"shahin-new".Firefox Container Name (Optional) – If using Firefox Multi-Account Containers, set a container name (e.g.,
"shahin-new"). Keeping it the same as the profile name helps with organization.Choose a Profile Color (Optional) – Assigning colors helps distinguish accounts visually.
Select the AWS Profile – Choose the AWS profile you previously configured in the
~/.aws/configfile.Access Key ID (Auto-Filled) – This field is automatically retrieved from your AWS credentials file.
Secret Access Key (Auto-Filled) – Also auto-filled from your AWS credentials.
Region (Auto-Filled) – The default AWS region is automatically retrieved. You can modify this if needed.
Assume Policies (Optional) – If your IAM user has permission to assume roles, you can specify any valid IAM policy ARN.
In this example, we use:
arn:aws:iam::aws:policy/AdministratorAccess
This grants full administrator permissions since the account owner needs unrestricted access.
Follow the same steps to add more AWS accounts, grouping them as needed for easier management.
The result will look like this, allowing you to open the AWS Console with a single click using the displayed button.
Site:
Docs:
Repo:
https://github.com/Systanics/CloudGlance
Granted — CLI-Based AWS Account Manager
Granted is a command line interface (CLI) tool which simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. The goals of Granted are:
Provide a fast experience around finding and assuming roles
Leverage native browser functionality to allow multiple accounts to be accessed at once
Encrypt cached credentials to avoid plaintext SSO tokens being saved on disk
Installation
Make sure you have installed Firefox.
Also, make sure that the Granted Firefox extension is also installed:
AWS CLI v2 should also be installed and it should be configured as shown in the previous section.
aws configure sso and it will walk you through the process of setting up your profile file.Now you are ready to install Granted!
To install it on Windows:
To install it on Mac:
brew tap common-fate/granted
brew install granted
To install it on Linux:
# install GPG
sudo apt update && sudo apt install gpg
# download the Common Fate Linux GPG key
wget -O- https://apt.releases.commonfate.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/common-fate-linux.gpg
# you can check the fingerprint of the key by running
# gpg --no-default-keyring --keyring /usr/share/keyrings/common-fate-linux.gpg --fingerprint
# the fingerprint of our Linux Releases key is 783A 4D1A 3057 4D2A BED0 49DD DE9D 631D 2D1D C944
# add the Common Fate APT repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/common-fate-linux.gpg] https://apt.releases.commonfate.io stable main" | sudo tee /etc/apt/sources.list.d/common-fate.list
# update your repositories
sudo apt update
# install Granted
sudo apt install granted
# verify your installation
granted -v
Configuration
After installing Granted, open your terminal and run the assume command. Follow the prompts and provide answers based on your requirements or the provided screenshot.
Then, run the assume command again to configure your profile.
If you're using Linux, you'll be prompted to enter a password to create a new keyring. Enter your password and ensure you save it somewhere for future reference.
Finally, to open Firefox and access different accounts in separate isolated tabs:
assume -c <profile-name>
# Examples:
assume -c shahin-new
assume -c shahin-old
You can also use assume -c with the profile selector to quickly choose and open any AWS account you need:
The result will be the same as CloudGlance:
Additional options:
# Opening the console with a specific region
assume -c -r ap-southeast-1
# or
assume -c -r ap-southeast-1 role-a
# Opening the console to a specific service. -s stands for service
assume -s iam
Granted container cleanup
The Granted Firefox extension includes a menu where you can view and clear your tab containers. The menu should appear next to the settings icon as shown below.
Clicking on the icon shows a menu where you can clear your Granted tab containers, as shown below. This is useful if you have roles which you are no longer accessing and you’d like to declutter your tab container list.
Granted Official Website:
Docs:
https://docs.commonfate.io/granted/introduction
https://github.com/common-fate/granted
Using Firefox Extensions — Quick Solution
Container Tab Groups
This extension serves as an alternative to Firefox's official extension, offering additional features that are worth highlighting.
Download page:
After installation click the “Get Started” or close the side bar.
There are multiple ways to fully utilize the Container Tab Group extension. One option is the compact sidebar, while another is the panorama grid, an expanded and more user-friendly version that simplifies managing tab groups via containers.
To open the sidebar:
To open the panorama grid:
To manage multiple AWS accounts using this extension, open the sidebar, create as many containers as needed, and name them accordingly. Below is an example of two projects, each containing three accounts.
Alternative:
Download page:
https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
Using Firefox profiles
A Firefox profile is a user-specific directory where Mozilla Firefox stores personal data, settings, extensions, bookmarks, history, cookies, and preferences. Each profile operates independently, allowing multiple users to have different browsing environments on the same system.
Key Features
Isolation: Each profile has its own set of data, preventing interference between multiple users.
Customization: Profiles store user-specific preferences, including extensions, themes, and saved logins.
Performance Optimization: Creating a fresh profile can help resolve browser issues such as slow performance or crashes.
Multi-Profile Management: Firefox allows users to create and switch between multiple profiles using the Profile Manager.
Profile Location
The profiles are stored in different locations depending on the operating system:
Windows:
C:\Users\<YourUsername>\AppData\Roaming\Mozilla\Firefox\Profiles\Linux:
~/.mozilla/firefox/macOS:
~/Library/Application Support/Firefox/Profiles/
Managing Profiles
Open Firefox Profile Manager:
Run
about:profilesin Firefox address bar.Click “Create a New Profile”
Click Next
Choose a proper name, create a folder, choose it as your folder, and click finish
Then you can open, rename, or delete profiles as needed.
You can assign specific profiles for different projects and their stages such as Dev, Staging, or Prod.
You can find more info about Firefox profile manager here:
https://support.mozilla.org/en-US/kb/profile-manager-create-remove-switch-firefox-profiles
AWS Extend Switch Roles
When managing multiple AWS accounts or assuming different IAM roles, constantly switching between them in the AWS Console can be tedious. The AWS Extend Switch Roles extension for Firefox and Chrome makes this process seamless by allowing you to quickly switch roles without manually re-entering credentials.
This browser extension enhances the native AWS role-switching functionality, providing a cleaner UI, color-coded role indicators, and the ability to save multiple role configurations for quick access. In this section, we'll explore how to install, configure, and use AWS Extend Switch Roles effectively to boost productivity in multi-account AWS environments.
Installation
You can install this extension on both Chrome-based browsers and Firefox.
Download Chrome extension:
Download Firefox extension:
Configuration
After installation, left-click on the extension logo and navigate to the configuration section of the extension.
Enter your Role ARN and Region, configure the extension in INI format, and press Save.
Go to the account from which you want to switch roles, and the extension will begin functioning.
From this point, you can switch between as many roles as needed.
AWS Builtin Multi-Session Support — New Feature
On 16 Jan 2025 AWS announced multi-session support, which enables AWS customers to access multiple AWS accounts simultaneously in the AWS Console. AWS Customers can sign-in to up to 5 sessions in a single browser, and this can be any combination of root, IAM, or federated roles in different accounts or in the same account.
When you enable multi-session support, the console URL contains a subdomain (for example, https://000000000000-aaaaaaaa.us-east-1.console.aws.amazon.com/console/home?region=us-east-1). Be sure to update your bookmarks and console links.
You must opt-in to multi-session support by choosing Turn on multi-session in the account menu in the AWS Management Console, or by choosing Enable multi-session on https://console.aws.amazon.com/. You can opt-out of multi-sessions at any time by choosing Disable multi-session on https://console.aws.amazon.com/ or by clearing your browser cookies. Opt-in is browser-specific.
With add session, you can add up to 5 different accounts.
Conclusion
Table of Comparison
| Feature | CloudGlance | Granted | Firefox Extensions | AWS Extend Switch Roles | AWS Built-in Multi-Account |
| User Interface | GUI-based | CLI-based | GUI-based | Browser Extension (Firefox & Chrome) | GUI-based |
| Primary Usage | Multi-account AWS management | Fast role-switching & multi-account AWS access | Basic AWS multi-account separation | Quick IAM role switching in AWS Console | Native AWS Console multi-session |
| AWS Account Management | Group & visualize multiple AWS accounts | Assume multiple roles quickly | Manages AWS sessions via browser containers | Switch between multiple IAM roles easily | Up to 5 accounts managed simultaneously |
| Multi-Session Support | Yes (using Firefox Containers) | Yes (via browser session handling) | Yes (via containerization) | No native multi-session, but quick role-switching | Yes (up to 5 sessions in one browser) |
| Authentication Methods | IAM User, IAM Role, Federated Login, AWS SSO | IAM Role, AWS SSO | Browser-based authentication | IAM Role (configured via INI format) | Root, IAM User, Federated Login |
| AWS Console Access | One-click console access | Open AWS console via CLI | AWS console access via container tabs | Quick AWS Console access via role-switching | Native AWS console integration |
| SSH & Port Forwarding | Supports bastions & AWS SSM | No direct SSH support | No SSH support | No SSH support | No SSH support |
| Team Collaboration | Built-in Git support for team collaboration | No built-in team collaboration features | No team collaboration | No team collaboration features | No team collaboration |
| Browser Compatibility | Firefox (via extensions) | Firefox (via extension) | Firefox only | Firefox, Chrome | Any modern browser |
| Installation Complexity | Medium (requires AWS CLI v2, Firefox setup) | Medium (requires AWS CLI v2, terminal setup) | Low (simple extension installation) | Low (simple browser extension setup) | Very Low (enabled in AWS Console) |
| Encryption of Credentials | Yes (can encrypt ~/.aws/credentials) | Yes (encrypts cached credentials) | No built-in encryption | No built-in encryption | No built-in encryption |
| Free or Paid | Free for now (might become paid) | Free | Free | Free | Free |
Final Thoughts
CloudGlance is best for teams and DevOps professionals managing multiple AWS accounts with SSH access and port forwarding needs.
Granted is perfect for security-conscious CLI users who need quick and encrypted role-switching.
Firefox Extensions offer a simple, container-based solution for isolating AWS sessions, best suited for browser-heavy workflows.
AWS Extend Switch Roles is a convenient, browser-based IAM role-switcher, best for users frequently switching roles inside AWS Console.
AWS Built-in Multi-Account Manager is the easiest way to manage multiple AWS accounts within AWS Console but lacks flexibility beyond basic session handling.
Each tool has its own strengths, and the choice depends on whether you prioritize GUI, CLI, multi-session handling, SSH support, or security.
![Up and Running with kubectl-ai [PDF]](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1753898584930%2F01739f18-1331-4d48-b709-fc2750685607.png&w=3840&q=75)
![How to deal with DNS caches [PDF]](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1753101148740%2F9721c8d4-86d5-4ec8-b4f7-c317f7ccfe56.png&w=3840&q=75)
![Are Kubernetes Secrets Really Secure? [PDF]](/_next/image?url=https%3A%2F%2Fcdn.hashnode.com%2Fres%2Fhashnode%2Fimage%2Fupload%2Fv1752308392314%2F25995822-24ef-4fab-afa4-f88a806d9e89.png&w=3840&q=75)
