Creating shortcut links to Amazon Web Services Management Console destinations - Amazon IAM Identity Center
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating shortcut links to Amazon Web Services Management Console destinations

Shortcut links created in the Amazon Web Services access portal take IAM Identity Center users to a specific destination in the Amazon Web Services Management Console, with a specific permission set, and in a specific Amazon Web Services account.

Shortcut links save time for you and your collaborators. Instead of navigating to a desired destination URL in the Amazon Web Services Management Console (for example, an Amazon S3 bucket instance page) through multiple pages, including Amazon Web Services access portal, you can use a shortcut link to get to the same destination automatically.

Shortcut links have three destination options, listed here by priority:

  • (Optional) Any destination URL in the Amazon Web Services Management Console specified in the shortcut link. For example, the Amazon S3 bucket instance page.

  • (Optional) Administrator-configured relay state URL for the permission set in question. For more information about setting the relay state, see Set relay state.

  • Amazon Web Services Management Console home. The default destination if you don't specify one.

Note

Automatic navigation to a destination is successful only when you’re authenticated with IAM Identity Center and have the necessary permission set assigned for the Amazon account and destination URL.

The Amazon Web Services access portal includes a Create shortcut button that helps you create a shareable shortcut link. If you plan to specify a destination URL (the first option in the previous list), you can copy the URL to a clipboard to share it.

  1. While signed into the Amazon Web Services access portal, choose the Accounts tab and then choose the Create shortcut button.

  2. In the dialog box:

    1. Choose an Amazon Web Services account using the account ID or account name. As you type, a drop-down menu displays matching account IDs and names that you can access. You can choose only an account to which you have access.

    2. Optionally choose an IAM role from the drop-down list. These are the permission sets assigned to you for the selected account. If you omit choosing the role, users are prompted to select one assigned to them for the chosen account when using the shortcut link.

      Note

      You can't grant new access with shortcut links. Shortcut links work only with the permission sets already assigned to the user. If the user doesn't have the necessary permission sets assigned for the account and destination URL, they're denied access.

    3. Optionally enter the Amazon Web Services access portal destination URL. If you omit entering a URL, the destination is automatically determined when using the shortcut link, based on the previously-mentioned shortcut link destination options.

    4. Your shortcut link generates at the bottom of the dialog box, based on your input. Choose the Copy URL button. You can now create a bookmark with the copied shortcut link or share it with your collaborators who have access to the same account with the same permission set or another sufficient permission set.

All parameter values of the URL, including the account ID, permission set name, and destination URL, must be URL-encoded.

Shortcut links extend the Amazon Web Services access portal URL with the following path:

/#/console?account_id=[account_ID]&role_name=[permission_set_name]&destination=[destination_URL]

The full URL in the China Regions follows this pattern:

https://start.[region].home.awsapps.cn/directory/[directory_id_or_alias]/#/console?account_id=[account_ID]&role_name=[permission_set_name]&destination=[destination_URL]

Here's an example shortcut link that signs a user into account 123456789012 with the S3FullAccess permission set, and takes them to the S3 console home page:

  • https://start.cn-north-1.home.awsapps.cn/directory/example/#/console?account_id=123456789012&role_name=S3FullAccess&destination=https%3A%2F%2Fconsole.amazonaws.cn%2Fs3%2Fhome