Skip to content

Access the AWS Cloud Console

Beginner 5 minutes Auto-generated screenshots

Overview

In this tutorial, you'll learn how to access the AWS Management Console directly through the RosettaHub Supercloud platform. This is ideal for cloud-experienced users who want to work in native AWS tools while benefiting from RosettaOps governance.

RosettaHub provides federated access via STS (Security Token Service). RosettaOps automatically creates IAM roles on your sandboxed AWS sub-account. When you click Go To AWS Console, you assume that role and receive a time-limited authenticated session -- no separate AWS credentials needed.

Your sub-account is isolated by Service Control Policies (SCPs) that enforce your organization's sandbox boundaries. You get the full power of the AWS Console within the permitted scope. If your budget is exceeded, SCPs automatically block resource-creating actions while preserving read-only and delete access.

Don't need the AWS Console?

If you prefer not to work directly in AWS, the MetaCloud lets you launch and manage resources through formations and one-click workflows -- no cloud expertise required. See Launching Your First Formation.

Prerequisites

  • [ ] RosettaHub account with an active AWS cloud account
  • [ ] Default cloud provider set to AWS
  • [ ] A modern web browser (Chrome, Firefox, Edge, or Safari)

Steps

Step 1: Set Your Default Cloud Provider to AWS

Ensure your default cloud provider is set to AWS. You can verify or change this from the cloud provider selector in the dashboard header.

Step 2: Select Your Cloud Account

If you have multiple cloud accounts, select the AWS cloud account you want to access. Most users have one cloud account per cloud provider.

You can see your available cloud accounts in the My Details section of the dashboard or in the Cloud Accounts panel.

Step 3: Open the AWS Console

Under My Details, locate the Go To AWS Console button. You have three options for how to open the console:

Icon Action
1st icon Open in the same browser window
2nd icon Open in a new browser tab
3rd icon Open in a new browser window

Click your preferred option to launch the AWS Console.

Step 4: Use the AWS Console

The AWS Console opens with an authenticated session in your dedicated AWS sub-account. You can now:

  • Launch and manage EC2 instances
  • Access S3 storage buckets
  • Configure networking and security groups
  • Use any AWS service permitted by your organization's policies

Permissions

Your actions in the AWS Console are limited to the permissions set by your organization's administrator. If you need access to additional services or regions, contact your organization manager.

Budget Enforcement

If your allocated budget is exceeded, an AWS Service Control Policy (SCP) is automatically applied to your sub-account. This SCP blocks all resource-creating actions (e.g., launching instances, creating buckets) while retaining read-only and delete permissions. To resume full access, request a budget increase from your organization administrator.

Next Steps

Troubleshooting

The Go To AWS Console button is not visible
  • Verify that your default cloud provider is set to AWS
  • Confirm that you have an active AWS cloud account assigned to your profile
  • Check the Cloud Accounts panel to see your account status
The console opens but shows 'Access Denied' errors

Your organization's policies may restrict access to certain AWS services or regions. Contact your organization administrator to review your permissions.

I see a message about budget exceeded

When your budget is exceeded, resource-creating actions are blocked by an SCP. You can still:

  • View existing resources
  • Delete resources you no longer need
  • Download data from S3 or other services

Request a budget increase from your organization administrator to restore full access.

The console session expired

Federated console sessions have a limited duration. If your session expires, return to the RosettaHub dashboard and click the Go To AWS Console button again to start a new session.