Accessing the AWS Management Console#
Prerequisites#
You are a member of CUBoulder with a valid IdentiKey. Federated access to LCA1 from other institutions is not currently supported.
The DUO Multi-Factor Remote Access (MFA) app is installed and enrolled. Visit OIT’s DUO Multi-Factor Remote Access documentation to install and enroll MFA.
Single Sign-On#
Users access the AWS Management Console using their CU IdentiKey. The Single Sign-On (SSO) URL is https://aws.colorado.edu. You can access your AWS Account from anywhere with internet access. You do not need to have a VPN connection to campus.
Launch the AWS Management Console (SSO URL).
Provide your CU IdentiKey credentials.
Choose a method for authentication. We recommend you select “Send Me a Push”. NOTE: You may not see the MFA step if you’ve recently authenticated and have an active session.
Accept the MFA request on your device.
You will be presented with a list of account names and numbers to which you have access. Click on the name of the desired account to expand the roles allocated to you. Click on the name of the desired role to log into the AWS console as that role. Note: Your access to the account selection page is valid for 8 hours. Your access to any specific AWS account console is valid for 4 hours.
You will be logged in to the AWS Management Console. Always be sure to verify you have the AWS Region you are working with selected after logging in.
To log out from the AWS console for an account, click on your role name in the upper right corner and choose “Sign out”. To log out from the AWS account selection page, click your username in the upper right corner of the access portal and choose “Sign out”.