Hello internet friend. I may be able to make your life easier for 4.

You can use aws vault to open the aws console using roles:

    aws-vault --help
    usage: aws-vault [<flags>] <command> [<args> ...]
    ...
    login [<flags>] [<profile>]
        Generate a login link for the AWS Console.

Which when combined with this plugin: https://github.com/blimmer/zsh-aws-vault

You can just to `avli some-role` and it will pop up in the browser in a new profile.

The only downside here is that you can't combine them into one window.

But it takes the pain out of logging in, and 2 factor, etc.