# Generate AWS Console Session

## Generating an AWS Console Session

* NetSPI developed a neat tool that will generate a web console sign-in URL with a valid set of long-term (e.g., IAM User access keys) or temporary (e.g., IAM Role) credentials and appropriate permissions
* This technique **does not provide any new permissions**, it just gives you access to the AWS console which can provide a better (and graphical) experience without trying to brute force your access via the CLI / API

***

### Installation&#x20;

* Code is also available on [GitHub](https://github.com/netspi/aws_consoler)

```bash
pip install aws-consoler
```

***

### Generate Web Console Sign-In URL

{% hint style="warning" %}
If using IAM User access keys, the user must have permissions to run `sts:GetFederationToken`
{% endhint %}

{% hint style="danger" %}
The user name will be **aws\_consoler** and will appear in logs so this is **not a stealthy approach**!

Consider writing your own custom script instead or do this manually [AWS Persistence](/cloud-security/aws/aws-offensive-security/aws-persistence.md#generating-temporary-aws-credentials-from-iam-user)
{% endhint %}

{% code overflow="wrap" %}

```bash
aws_consoler --profile tyler  
       
2025-11-09 11:29:51,395 [aws_consoler.logic] WARNING: Creds still permanent, creating federated session.

https://signin.aws.amazon.com/federation?Action=login&Issuer=consoler.local&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2Fconsole%2Fhome%3F&SigninToken=Lf4-EszViCQ9ha_CINm8HtvZjaxD4U[SNIP]
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.techwithtyler.dev/cloud-security/aws/aws-offensive-security/aws-attacks-and-techniques/generate-aws-console-session.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.