RDS Remote Application: AWS Web Console
The Amazon Web Services (AWS) Web Console is accessible via a web browser and is used to manage AWS services. When integrated with the 12Port Access Broker via Remote Desktop Services (RDS), this AWS Web Console application enables Zero Trust access with fully monitored and credential-injected administrative sessions.
Installation and Configuration
1. Download Required Files
* Executable: https://bin.12port.com/product/remote-apps/app-aws-console/app-aws-console.exe
* Configuration File (.ini): https://bin.12port.com/product/remote-apps/app-aws-console/app-aws-console.ini
* Source file: https://bin.12port.com/product/remote-apps/app-aws-console/app-aws-console.au3
* Place both the Executable (.exe) and Configuration (.ini) files in the same directory on the RDS Server where the Remote Application will be published. For example: C:\12Port-RDSApps.
2. Modify Configuration
No .ini configuration is required with this Remote Application.
[app]
exe=msedge.exe
3. Publish the Remote Application
Use the following PowerShell command as an example to publish AWS Web Console as a RemoteApp on the RDS server. This command must be executed from an elevated (Administrator) PowerShell session:
New-RDRemoteApp `
    -CollectionName "QuickSessionCollection" `
    -Alias "app-aws-console" `
    -DisplayName "app-aws-console" `
    -FilePath "C:\12Port-RDSApps\app-aws-console\app-aws-console.exe" `
    -ShowInWebAccess $true `
    -CommandLineSetting "Allow"
Ensure the CommandLineSetting is set to "Allow" to enable the Access Broker to pass connection parameters to the application.
Note: Make sure the -FilePath value accurately reflects the location of the executable on the RDS server.
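To confirm the outcome of steps 1 to 3, the following added example (not part of the 12Port documentation or code) reads the published RemoteApp back and checks the three conditions stated above: CommandLineSetting is "Allow", the -FilePath target exists, and the .ini file sits beside the .exe. Test-PublishedRemoteApp is a hypothetical helper name; the defaults reuse the collection name and alias from the command above, and the script assumes it runs on the RD Connection Broker.

```powershell
# Added verification sketch; run in an elevated PowerShell session.
# Test-PublishedRemoteApp is a hypothetical helper, not a 12Port or Microsoft cmdlet.
# Assumption: this host is the RD Connection Broker (otherwise add -ConnectionBroker).
Import-Module RemoteDesktop

function Test-PublishedRemoteApp {
    param(
        [string]$CollectionName = 'QuickSessionCollection',
        [string]$Alias          = 'app-aws-console'
    )
    $findings = @()

    # Read back what was actually published for this alias.
    $app = Get-RDRemoteApp -CollectionName $CollectionName -Alias $Alias
    if (-not $app) {
        return ,@("RemoteApp '$Alias' not found in collection '$CollectionName'")
    }

    # The Access Broker passes connection parameters as arguments,
    # so the RemoteApp must accept a command line.
    if ("$($app.CommandLineSetting)" -ne 'Allow') {
        $findings += "CommandLineSetting is '$($app.CommandLineSetting)', expected 'Allow'"
    }

    # -FilePath must point at the executable present on this server.
    $exe = [Environment]::ExpandEnvironmentVariables($app.FilePath)
    if (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $findings += "Executable missing: $exe"
    } else {
        # The .ini must be in the same directory as the .exe.
        $ini = [System.IO.Path]::ChangeExtension($exe, '.ini')
        if (-not (Test-Path -LiteralPath $ini -PathType Leaf)) {
            $findings += "Configuration file missing beside executable: $ini"
        }
    }
    return ,$findings
}

$result = Test-PublishedRemoteApp
if ($result.Count -eq 0) { 'OK: RemoteApp published as described' } else { $result }
```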
RDS Application Asset Configuration
To enable Zero Trust access to the AWS Web Console via the 12Port Access Broker:
- In the RDS Remote Application asset, set the Remote App field to: ||app-aws-console
- Set the Remote Arguments field to: Host,User,Password,TOTP
- Specify Host as the full URL to the AWS Web Console login page, like https://contoso.signin.aws.amazon.com/console.
- Specify User as a privileged account for zero trust access.
- Specify Password for the privileged account for zero trust access.
- Specify TOTP as the Secret Key that is displayed during application registration, like 5WJMAUBDEEOVDNXHDIJZTA8PNBUZ4OL36QYP7PUIKOQYHKLMZRWSLYZ22F
Note: For the TOTP field, if it does not already exist, it must first be added as a new field to this Asset Type. To add the new field properly, use:
* Name: TOTP
* Type: TOTP
* Secured: Enabled
* Algorithm: SHA1
These values allow the Access Broker to inject credentials into the AWS Web Console connection, using the Microsoft Edge web browser, without exposing them to the user.