AWS Web Console Login Instructions
Access to DIT provided AWS accounts via the AWS console is a 2-step process which is outlined below. Users must first login as an IAM role based on their HR group, and from there they can assume 1 or more IAM roles related to functional tasks. These functional roles may be in multiple AWS accounts.
Login to the HR based IAM role
- Go to AWS Sign in.
- If not already authenticated to CAS, this will prompt you for your Directory ID and password, and to complete Multi-factor authentication.
- You will see a list of roles (typically just one) listed under Account headings. Unless instructed by DIT staff for troubleshooting purposes, you always want to choose a role under the umd-it-prod-iam account. Select the role and click Sign in. For this example the role selected is it-ee-se-student web.
Use the MyAWS web application to switch into a functional role
- Go to https://ittools.umd.edu/myaws/roles. Note: You must be connected to the VPN to access this site from off-campus.
- In the table associated with the HR role you selected in section 1 (example: it-ee-se-student-web), identify the AWS account and functional role you wish to assume and click on the role name (example: advise-Developer)
- This will take you to the AWS Switch Role screen, pre-populating the required fields. Click the blue Switch Role button at the bottom of the screen to be taken to the associated AWS account as the functional role.
- The AWS console will now indicate the role and account you are in the upper right hand corner of the header.
- This process can be repeated for any other AWS accounts and functional roles you have access to.