AWS Web Console Login Instructions

Access to DIT provided AWS accounts via the AWS console is a 2-step process which is outlined below. Users must first login as an IAM role based on their HR group, and from there they can assume 1 or more IAM roles related to functional tasks. These functional roles may be in multiple AWS accounts.


Login to the HR based IAM role

  1. Go to AWS Sign in.
  2. If not already authenticated to CAS, this will prompt you for your Directory ID and password, and to complete Multi-factor authentication.
  3. You will see a list of roles (typically just one) listed under Account headings. Unless instructed by DIT staff for troubleshooting purposes, you always want to choose a role under the umd-it-prod-iam account. Select the role and click Sign in. For this example the role selected is it-ee-se-student web.
    AWS sign-in role menu with the account, student web, and sign in highlighted


Use the MyAWS web application to switch into a functional role

  1. Go to Note: You must be connected to the VPN to access this site from off-campus.
  2. In the table associated with the HR role you selected in section 1 (example: it-ee-se-student-web), identify the AWS account and functional role you wish to assume and click on the role name (example: advise-Developer)
    AWS role switching with the current role and another role highlighted
  3. This will take you to the AWS Switch Role screen, pre-populating the required fields. Click the blue Switch Role button at the bottom of the screen to be taken to the associated AWS account as the functional role. 
  4. The AWS console will now indicate the role and account you are in the upper right hand corner of the header.
    AWS new role indication highlighted
  5. This process can be repeated for any other AWS accounts and functional roles you have access to.