How do you set up for multiple AWS IAM and root accounts?

I work with many AWS accounts, some of which are IAM accounts and others where I have a root login.

Root accounts are less complex but IAM accounts have a URL including the account number which AWS (ultimately) redirects to console.aws.amazon.com.

Neither auto-fill nor custom URLs (even when set to exact) seem to be able to automate auto-fill for any specific account. Because everything ends up at the same URL, with varying query fields in that URL, I haven’t found a way to automate login effectively.

If you are using AWS with multiple accounts, how have you approached this issue?

I’m not a user of AWS, so someone else in the community may have a better suggestion, but would matching against the exact URL/URI help?

One of our examples in the Help Center for the exact match detection option has a query as part of the URL: Using URIs | Bitwarden Help Center

Could you provide some (suitably redacted) examples?

It seems that this should be solvable using the “Starts with” option, or in the worst case, using regexp matching.

The way AWS IAM user login works is:
1) User enters a URL containing the account number in the browser.
2) That URL redirects to the same URL as every other login of this type.

IOW, by the time Bitwarden is ready to auto-fill, it’s not the URL the user started on. And, for any given account number and region (AWS data center), the hostname and path will always be the same; only the OAuth query string changes.

Is there any part of the URL string that is reproducible each time that you log in to the same account, but that is different when you log in to a different account?

The “initial” URL is unique. But it redirects to a common URL.

What I need is a way to tell Bitwarden to honor the URL I put in and mark as “exact” even when redirected.

Bitwarden does not remember where you were redirected from. You can post a Feature Request if you wish.

But you said previously that “the OAuth query string changes”, so evidently it is not a common URL string, even if perhaps the FQDN is common.

So is there any part of the URL string that is reproducible each time that you log in to the same account, but that is different when you log in to a different account?

The OAuth query string is unique on each login so it’s not predictable.

In that case, there is nothing that can be done in the current implementation of Bitwarden’s browser extension.

The only workaround I can think of is a long shot: Try to host your own web pages that render these AWS logins within an iframe. If you create a unique web page for each account, then you might be able to get autofilling to work.