A Chrome extension that simplifies sharing AWS Console resource links by providing URL cleaning and deep link generation capabilities. Perfect for teams working across multiple AWS accounts and roles.
- Clean URLs: Remove account-specific prefixes from AWS Console URLs for universal sharing
- Deep Link Generation: Create AWS SSO deep links for cross-account access
- Flexible Role Selection: Choose how roles are determined for deep links
- One-Click Copy: Automatically copies generated URLs to clipboard
- Smart Detection: Only activates on AWS Console pages
- Error Handling: Clear error messages and fallback options
- Installation
- Screenshots
- Quick Start
- Features Overview
- Role Selection Strategies
- Configuration
- Use Cases
- Troubleshooting
- Development
Coming soon - Extension will be available on the Chrome Web Store.
- Clone or download this repository
- Build the extension:
npm install npm run build
- Load in Chrome:
- Open Chrome and go to
chrome://extensions/ - Enable Developer mode (toggle in top-right)
- Click "Load unpacked"
- Select the
distfolder from this project
- Open Chrome and go to
- Pin the extension (optional):
- Click the puzzle piece icon in Chrome's toolbar
- Find "AWS Console Link Sharer" and click the pin icon
The extension popup shows your current AWS Console URL and provides two main actions:
Key Features Shown:
- Current URL display with account ID redacted for privacy
- Clean URL button to remove account-specific prefixes
- Generate Deep Link button to create AWS SSO deep links
- Generated URL output with copy functionality
- Success confirmation message
Configure the extension to work with your organization's AWS SSO setup:
Configuration Options:
- AWS SSO Subdomain: Your organization's SSO domain (e.g., "acme" for acme.awsapps.com)
- Default Action: Choose which button is highlighted by default
- Role Selection Strategy: Control how roles are determined for deep links
- Default Role Name: Fallback role for deep link generation
- Account-Role Mapping: Map specific accounts to specific roles
- Notification Settings: Control success/error message display
- Configure AWS SSO Subdomain (required for deep links):
- Click the extension icon β "Settings"
- Enter your organization's AWS SSO subdomain
- Example: If your SSO URL is
https://mycompany.awsapps.com, entermycompany - Click "Save Settings"
- Navigate to any AWS Console page
- Click the extension icon in your toolbar
- Choose an action:
- Clean URL: Remove account-specific prefixes
- Generate Deep Link: Create cross-account SSO link
- URL is automatically copied to your clipboard β¨
Converts account-specific AWS Console URLs into universal format:
Before (Multi-account URL):
https://123456789012-abc123def.eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1
After (Clean URL):
https://eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1
Benefits:
- Share links that work regardless of how users access AWS
- Create bookmarks that work across different account access methods
- Cleaner, more professional URLs for documentation
Creates AWS SSO deep links that automatically authenticate users to the correct account and role:
Generated Deep Link:
https://mycompany.awsapps.com/start/#/console?account_id=123456789012&role_name=PlatformAccess&destination=https://eu-west-1.console.aws.amazon.com/cloudwatch/home
Benefits:
- Recipients automatically land in the correct AWS account
- No manual account/role switching required
- Perfect for cross-account team collaboration
The extension offers three strategies for determining which role to use in deep links:
Uses the role from your current AWS Console session.
When to use:
- You want deep links to use whatever role you're currently using
- Simple setup with no additional configuration needed
Example:
- You're logged in as
PlatformAccess - Deep links will use
PlatformAccess
Always uses a specific role regardless of your current session.
Configuration:
- Go to Settings β Role Selection Strategy β "Use Default Role"
- Enter your preferred role name (e.g.,
DeveloperAccess) - Save settings
When to use:
- You want all deep links to use a consistent role
- You have a "standard" role that most team members should use
- You're currently using an admin role but want to share links for a regular role
Example:
- Default role set to:
DeveloperAccess - Even if you're logged in as
AdminAccess, deep links will useDeveloperAccess
Maps specific roles to specific AWS accounts, with fallback options.
Configuration:
- Go to Settings β Role Selection Strategy β "Use Account-Role Mapping"
- Enter account-role pairs in the format
AccountID:RoleName(one per line):123456789012:PlatformAdministratorAccess 987654321098:DeveloperAccess 555666777888:ReadOnlyAccess - Optionally set a default role as fallback
- Save settings
When to use:
- Different accounts require different roles
- You work across multiple accounts with varying access levels
- You want fine-grained control over role selection
Example Configuration:
Production Account (123456789012): ReadOnlyAccess
Development Account (987654321098): DeveloperAccess
Staging Account (555666777888): PlatformAccess
Default Role: ViewOnlyAccess
How it works:
- Check mapping: If current account ID exists in mapping β use mapped role
- Fallback to default: If no mapping found β use default role (if configured)
- Final fallback: If no default role β use current logged-in role
Access via: Extension icon β "Settings" or right-click extension β "Options"
| Setting | Description | Required |
|---|---|---|
| AWS SSO Subdomain | Your organization's SSO subdomain (e.g., mycompany) |
Yes (for deep links) |
| Default Action | Which button to highlight by default | No |
| Role Selection Strategy | How to determine role for deep links | No |
| Default Role Name | Role to use for "Default" or "Account-Map" strategies | Conditional |
| Account-Role Mapping | Account ID to role name mappings | Conditional |
| Show Notifications | Display success/error messages | No |
| Auto-close Popup | Close popup after successful action | No |
Role Selection Strategy: Use Default Role
Default Role Name: PlatformAccess
Role Selection Strategy: Use Account-Role Mapping
Default Role Name: ViewOnlyAccess
Account-Role Mapping:
123456789012:PlatformAdministratorAccess
987654321098:DeveloperAccess
555666777888:ReadOnlyAccess
Scenario: Share AWS Console links with team members
- Clean URLs: For documentation, wikis, or general sharing
- Deep Links: For specific tasks requiring account/role context
Scenario: Work across development, staging, and production accounts
- Account-Role Mapping: Different roles for different environments
- Automatic switching: Recipients land in correct account with appropriate permissions
Scenario: Create training materials or runbooks
- Clean URLs: Universal links that work for anyone
- Consistent roles: Use default role strategy for standardized access
Scenario: Support team needs access to specific resources
- Deep Links: Direct access to exact resources with appropriate role
- Role mapping: Different support levels for different accounts
Scenario: Quickly share links during incidents
- One-click generation: Fast URL creation and copying
- Auto-close popup: Streamlined workflow during time-sensitive situations
Issue: Extension icon is grayed out or doesn't respond
- Solution: Ensure you're on an AWS Console page (
*.console.aws.amazon.com) - Check: Extension is enabled in
chrome://extensions/
Issue: "Unable to extract AWS session information"
- Cause: Not logged into AWS Console or page not fully loaded
- Solution:
- Ensure you're logged into AWS Console
- Refresh the page and wait for it to fully load
- Check that account ID is visible in the AWS Console header
Issue: "AWS SSO subdomain not configured"
- Solution: Go to Settings and enter your organization's SSO subdomain
Issue: "Role name could not be extracted"
- Cause: Not using AWS SSO authentication
- Solution: Deep links require AWS SSO. For IAM users, use Clean URL feature instead
Issue: Deep links use wrong role despite configuration
- Check: Settings are saved (refresh extension after changes)
- Verify: Role names match exactly (case-sensitive)
- Debug: Check browser console for error messages
Issue: URL not copied automatically
- Cause: Browser security restrictions
- Fallback: Manual copy button will be available
- Solution: Ensure Chrome has clipboard permissions
- Node.js 20+ and npm
- Chrome browser (version 88 or higher for Manifest V3 support)
- Git
This extension uses Manifest V3 and is compatible with:
- β Google Chrome (version 88+)
- β Microsoft Edge (version 88+)
- β Other Chromium-based browsers with Manifest V3 support
Note: This extension is specifically designed for AWS Console usage and requires AWS SSO for deep link functionality.
# Clone repository
git clone https://github.com/ryancormack/aws-console-share-extension.git
cd aws-console-share-extension
# Install dependencies
npm install
# Build extension
npm run build
# Watch for changes (development)
npm run watchsrc/
βββ manifest.json # Extension manifest
βββ background.ts # Service worker
βββ content/
β βββ content.ts # Content script (AWS session extraction)
βββ popup/
β βββ popup.html # Main UI
β βββ popup.ts # UI logic
β βββ popup.css # Styling
βββ options/
β βββ options.html # Settings page
β βββ options.ts # Settings logic
β βββ options.css # Settings styling
βββ types/
β βββ index.ts # TypeScript definitions
βββ icons/ # Extension icons
# Run unit tests
npm test
# Run tests with UI
npm run test:ui
# Run tests once
npm run test:run# Clean build
npm run clean
# Full build
npm run build
# Copy assets only
npm run copy-assetsThis extension takes your security and privacy seriously:
- Local Storage Only: All settings are stored locally in your browser using Chrome's storage API
- No Data Collection: The extension does not collect, transmit, or store any user data externally
- Minimal Permissions: Requests only the essential permissions needed for functionality:
activeTab: To read the current AWS Console URL only when you click the extensionstorage: To save your preferences locallyscripting: To extract session information from AWS Console pages
- Limited Scope: Only activates on AWS Console domains (
*.console.aws.amazon.com) - No Network Calls: The extension does not make any external network requests
- Open Source: Full source code is available for review
The extension only accesses:
- Current URL: To clean or generate deep links
- AWS Session Info: Account ID and role name from the AWS Console page (never stored or transmitted)
- User Preferences: Your SSO subdomain, default role, and other settings (stored locally only)
| Permission | Why It's Needed | When It's Used |
|---|---|---|
activeTab |
Read current AWS Console URL | Only when you click the extension icon |
storage |
Save your settings locally | When you update settings |
scripting |
Extract AWS account/role info | When generating deep links |
host_permissions |
Access AWS Console pages | Limited to *.console.aws.amazon.com only |
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository at github.com/ryancormack/aws-console-share-extension
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes and test thoroughly
- Run tests:
npm test - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
If you encounter issues or have questions:
- Search existing GitHub Issues
- Create a new issue with:
- Chrome version
- Extension version
- Steps to reproduce
- Error messages (if any)
- Initial release
- URL cleaning functionality
- Deep link generation
- Flexible role selection strategies
- Auto-copy to clipboard
- Comprehensive error handling
Made with Q and Claude for AWS teams everywhere