What is Granted?
Granted is a command line interface (CLI) application which simplifies access to cloud roles and allows multiple cloud accounts to be opened in your web browser simultaneously. The goals of Granted are:
- Provide a fast experience around finding and assuming roles;
- Leverage native browser functionality to allow multiple accounts to be accessed at once; and
- Encrypt cached credentials to avoid plaintext SSO tokens being saved on disk.
Why we created Granted
As cloud practitioners we follow best practices and use multi-account environments. This frequently led to situations where we were cross-referencing resources or viewing logs across multiple accounts. When using the AWS console this becomes quite painful as only one account and region is accessible at a time per browser.
Yes, one way to solve this is to simply stop using the console and develop your own abstractions and visualisation layer on top of AWS's APIs. However, we believe the native console can be a useful tool for viewing your cloud resources; namely because you don't need to build anything yourself in order to use it.
An additional motivation on developing Granted is the way that the AWS CLI handles session credentials when using AWS SSO. We're big fans of AWS SSO as it removes the need for long-lived IAM credentials; however the AWS CLI stores the SSO access token in plaintext. If this token is compromised it can be painful to revoke. Granted offers an improvement over the AWS CLI in this regard, as the SSO access token is stored in the system's keychain rather than on disk.
We've been using Granted internally for all our cloud access at Common Fate for the past few months and we've found it's greatly increased our productivity when working in the cloud.
Give it a try
To get started using Granted in AWS, follow this Getting Started guide and you will be up and running in about 5 minutes.
Let us know what you think
You can take a look at the open source project on GitHub here.
If you have any questions or need some help getting started, please reach out to one of our team members over in our Slack channel.