AWS Security Token Service is a well-built and strong mechanism for providing short-term, revocable access across AWS accounts. Some organizations use this with Single Sign-On integrations like SAML, Okta, or Google, but AWS’s own native implementation of SSO cumbersome and unintuitive, especially for engineers or developers who need to switch accounts rapidly, or use the CLI.
Styx addresses this by establishing a secure, easy-to-use, and extensible platform for tracking and exposing multiple AWS accounts to a centralized one, facilitating the ‘management account’ best practice. Styx not only generates Switch Role links to allow for rapid switching between distinct accounts in the console, it also generates CLI credential files with AssumeRole entries. It’s easy enough for individuals to use, and scalable enough for even the largest enterprises or MSSPs.
Learn more or try it out on GitHub