How to Blur AWS Console and Cloud Dashboards During Screen Sharing
Hide account IDs, access keys, billing data, and infrastructure details in AWS Console, GCP, and Azure before screen sharing during team calls and demos.
Short answer
Hide account IDs, access keys, billing data, and infrastructure details in AWS Console, GCP, and Azure before screen sharing during team calls and demos.
Direct answer
hide account ids, access keys, billing data, and infrastructure details in aws console, gcp, and azure before screen sharing during team calls and demos and follow the step-by-step approach in this guide.
Cloud Consoles Are Security Nightmares to Screen Share
The AWS Management Console, Google Cloud Console, and Azure Portal display the most security-critical information in your organization: account IDs, access keys, secret keys, resource ARNs, billing data, IP addresses, security group configurations, database connection strings, and infrastructure architecture.
Sharing a cloud console screen is one of the highest-risk screen sharing scenarios. A single exposed AWS access key can be used to spin up resources, access S3 buckets, read databases, and potentially compromise your entire infrastructure. Automated bots scan the internet for leaked AWS keys and can begin exploiting them within minutes of exposure.
Yet developers and DevOps engineers share cloud console screens constantly. Debugging infrastructure issues with teammates. Walking through architecture with new hires. Presenting cost reports to management. Reviewing security configurations with auditors. Every one of these creates a moment where credentials or infrastructure details could be captured by a participant, a screen recording, or a screenshot.
What to Blur in AWS Console
Top Navigation Bar
- Account ID: Your 12-digit AWS account number (visible in the top-right dropdown)
- Account alias: Your organization name
- Region selector: Reveals where your infrastructure runs
IAM (Identity and Access Management)
- Access keys: Access Key ID and Secret Access Key — the most critical data to hide
- User ARNs: Resource identifiers containing account IDs
- Policy documents: JSON policies revealing permission structures
- Role ARNs and trust relationships: Internal architecture details
EC2 and Compute
- Instance IDs and IP addresses: Public and private IPs, elastic IPs
- Security group rules: Port configurations and allowed IP ranges
- Key pair names: SSH key identifiers
- User data scripts: Startup scripts that may contain secrets
S3
- Bucket names: Bucket naming conventions reveal organization structure
- Bucket policies: Access control configurations
- Object URLs: Pre-signed URLs or public endpoints
RDS and Databases
- Database endpoints: Connection strings with hostnames
- Master usernames: Database admin credentials
- Parameter groups: Database configuration details
Billing
- Account charges: Monthly costs and cost breakdowns
- Payment methods: Credit card details (partially masked but still sensitive)
- Usage reports: Resource consumption revealing scale and architecture
CloudFormation / Infrastructure as Code
- Stack parameters: Often contain secrets, API keys, and connection strings
- Template source: Infrastructure architecture details
How to Blur Cloud Consoles
All major cloud consoles run in the browser. ContextBlur works on every page.
- Open AWS Console (or GCP, Azure) in Chrome
- Navigate to the page you plan to share
- Activate ContextBlur (
Ctrl+Shift+B) - Immediately blur the account ID in the top navigation — this is visible on every page
- Click access keys, IP addresses, ARNs, bucket names, and any other sensitive data
- Click billing amounts and payment information
- Start your screen share
Priority Blur Order
If you only have seconds to prepare:
- Account ID (top-right corner)
- Any visible access keys or secret keys
- IP addresses and endpoints
- Billing totals
These four categories represent the highest security risk if exposed.
Scenario Strategies
Infrastructure Debugging with Team
- Blur the account ID and region (unless the team already knows)
- Blur other resources not relevant to the debugging session
- Blur security group rules showing IP allowlists
- Show only the specific resource being debugged
Architecture Review with New Hires
- Blur all access keys, secrets, and credentials
- Blur specific IP addresses and endpoints
- Blur billing data unless relevant to the review
- Use the opportunity to demonstrate security practices
Cost Review with Management
- Blur resource-level details (show aggregate costs by service)
- Blur account IDs and infrastructure specifics
- Blur payment method details
- Show cost trends and optimization recommendations
Security Audit
- Work with the auditor to determine what they need to see
- Blur resources and accounts not within the audit scope
- Blur billing unless financials are part of the audit
- Consider sharing specific screenshots instead of live screen sharing
GCP and Azure
The same principles apply to Google Cloud Console and Azure Portal:
Google Cloud: Blur project IDs, service account keys, billing account details, and Compute Engine instance IPs.
Azure: Blur subscription IDs, resource group names, key vault secrets, and App Service configuration values.
ContextBlur works on all three platforms because they all render in Chrome.
If you are a vibecoder deploying quickly from Cursor, Windsurf, Bolt, or Replit, AWS pages are often opened mid-demo without prep. Add vibe coding protection and API-key screen-sharing controls to your default workflow.
Auto-Blur for Cloud Consoles
ContextBlur Pro auto-detects patterns that look like email addresses and credit card numbers. For cloud-specific data (access keys, account IDs, ARNs), manually blur these elements or set up persistent blur rules for your cloud console domains.
For developer-specific screen sharing practices, see our developer privacy guide. For enterprise security policies around screen sharing, see the security best practices guide.