
Manage your AWS sessions in less time
A visual AWS session manager that works behind Cloudflare. Switch accounts, manage sessions, detect EKS clusters — so you can focus on what matters.
Also available for Windows & Linux
Everything you need. Nothing you don't.
AWS Account Switching
Visual dropdown to switch between all your AWS accounts instantly.
Session Management
Start, stop, and monitor AWS sessions from a clean table UI.
EKS Cluster Detection
Automatically detects your EKS clusters from active sessions.
kubeconfig Auto-Update
Updates your kubeconfig automatically when you switch contexts.
Cloudflare Compatible
Works perfectly on corporate networks and behind Cloudflare proxy.
GCP Support
Google Cloud Platform support coming soon.
Why not just use Leapp?
Leapp is great — but it doesn't work for everyone.
Tired of "network service terminated"?
Leapp, Granted, and other Electron-based AWS tools use Chromium's own TLS stack — which ignores your system certificate store. If your company uses Cloudflare Zero Trust, a corporate CA, or any SSL-inspecting proxy, those apps simply crash or refuse to connect.
CloudOrbit is built on Tauri, which uses WKWebView on macOS. WKWebView trusts the exact same certificates as Safari and your system browser — so corporate VPN, Cloudflare Gateway, or custom CA certificates work out of the box. No configuration needed.
No GC. No overhead. No Electron.
CloudOrbit is a native binary — not a bundled Node.js server wrapped in Chromium. It starts in milliseconds and uses a fraction of the RAM.
// Credentials own their data — the compiler
// guarantees they can't outlive the session.
#[derive(Serialize)]
pub struct Credentials {
    pub access_key_id: String,
    pub secret_access_key: String,
    pub session_token: String,
    pub expires_at: Option<String>,
}
// ? propagates errors — no try/catch,
// no uncaught exceptions, no silent failures.
pub async fn assume_role(…) -> Result<Credentials, String> {
    let token = read_cached_token(&start_url)
        .ok_or("Not logged in")?;
    let resp = sso.get_role_credentials()
        .send().await
        .map_err(|e| e.to_string())?;
    Ok(Credentials { … })
}
Plugin architecture — coming soon
The goal is a lightweight, shell-first plugin system. No JavaScript bundles, no npm, no build steps — just scripts and config.
Lifecycle Hooks
Shell scripts that fire on pre-login, post-assume-role, on-expiry events. Trigger Slack notifications, refresh kubeconfigs, update .envrc files automatically.
Credential Types
Add new credential sources beyond SSO: IAM User access keys, cross-account chains, OIDC providers (Okta, Azure AD, Google Workspace). Each type is a Rust trait implementation.
Dashboard Panels
Embed custom WebView panels into the main content area. Build a cost dashboard, a CloudWatch widget, or a custom resource viewer — all from a single URL.
# Notify Slack when a role is assumed
[[plugin]]
name = "slack-notify"
type = "hook"
on = "post-assume-role"
command = "~/.cloudorbit/slack.sh"
args = ["--channel", "#aws-access"]
See it in action
Real screenshots coming soon. In the meantime, grab the app and see for yourself.
Ready to ditch Electron?
Download CloudOrbit for macOS. Free and open source.
Linux and Windows builds are planned. Contributions welcome.