How to Blur the AWS Console During Screen Sharing (Hide Account ID, ARNs & Secrets)
Giving a live AWS walkthrough on a call? Here's how to hide the 12-digit account ID, IAM ARNs, access key IDs, resource names, billing figures and secrets in the AWS Management Console before you share your screen.
The safest way to hide account data in the AWS Management Console during a screen share is to blur the specific items in the page before you present — the 12-digit account ID and alias in the top-right menu, IAM ARNs, access key IDs, and resource names in your tables. BlurFirst paints each blur into the page as real pixels, so it survives Zoom, Google Meet, Microsoft Teams, Loom, OBS and even a screenshot of the shared feed.
The console is a single-page app that re-renders every time you switch service or region, so lean on anchored region blurs for the fixed chrome — the account menu and the region selector at the top-right — and use element blur or Scan for individual values. Start blurring with Ctrl/⌘ ⇧ Y and keep the panic hotkey Ctrl/⌘ ⇧ H in reach for anything that flashes into frame.
What the AWS console shows that you don't mean to share
- Account ID and alias — the 12-digit account ID and your account alias sit in the top-right menu and appear in ARNs and Switch Role screens; together they identify your whole AWS org.
- IAM identities — user and role ARNs like
arn:aws:iam::123456789012:role/ProdAdminand access key IDs (AKIA…) shown on the IAM and Security Credentials pages. - Resource names, IDs and tags — S3 bucket names, EC2 instance IDs (
i-0abc123…) and their public IPs, RDS identifiers, and cost-allocation tags that name clients or environments. - Secrets in plain sight — a revealed value in Secrets Manager, a decrypted SSM Parameter Store
SecureString, or a plaintext parameter you open on the call. - Billing figures — monthly spend, per-service costs and forecasts in Billing and Cost Explorer, which quietly disclose your scale and margins.
Blur the AWS console step by step
- 1
Open the service and region you'll present
Navigate to the exact console page before the call — EC2, S3, IAM, wherever you're headed — and note which region is selected so nothing surprises you mid-demo.
- 2
Box-blur the account menu and region selector
Drag a BlurFirst box over the top-right area that holds the account ID, alias and region selector. Because it's an anchored region blur, it keeps covering that chrome as the single-page app re-renders between services.
- 3
Element-blur ARNs, key IDs and resource names
Click an ARN, an access key ID, a bucket name or an instance ID in a table to frost just that element — the surrounding columns stay readable. Click again to reveal it if you need to.
- 4
Run Scan to catch access keys and emails
One click runs Scan (Pro), which detects API-key and access-key patterns and email addresses locally and blurs them. It won't recognise the 12-digit account ID, bucket names or ARNs as patterns, so cover those with a box or element blur yourself.
- 5
Reveal secrets carefully, and keep panic ready
If you must open a secret in Secrets Manager or decrypt an SSM parameter, blur the value first or avoid clicking Retrieve secret value. If one appears unexpectedly, press Ctrl/⌘ ⇧ H to blur the whole page instantly.
| Sensitive item | Where it appears | Best gesture |
|---|---|---|
| Account ID + alias | Top-right account menu | Box-blur the account/region chrome |
| IAM ARNs + access key IDs | IAM, Security Credentials | Element blur, or Scan for key IDs |
| S3 bucket / EC2 IDs + IPs | Resource lists and tables | Element blur per row |
| Secret / parameter value | Secrets Manager, SSM | Element blur before revealing |
| Cost + billing figures | Billing, Cost Explorer | Box-blur the charts and totals |
Why IAM permissions don't cover a screen share
IAM policies, permission boundaries and SCPs decide what the signed-in principal can do. On a screen share the signed-in principal is *you*, so the audience sees everything your role can see — the account ID, every ARN, every dollar figure. Those controls were built to gate access, not to manage what a viewer watching your screen reads. In-page blurring works at the presentation layer instead: it controls what the viewer sees, no matter what your own access is.
Reuse your AWS console blurs on every login
If you demo or support from the console regularly, set the structural blurs once. BlurFirst Pro's per-site auto-apply re-applies your saved boxes (the account menu, the region selector) automatically each time you open console.aws.amazon.com, and they survive the single-page-app re-render as you move between services. The profile stores only a CSS selector for each region, never the account ID or resource names inside it, so nothing sensitive is written to disk or uploaded.