diff --git a/cli/login.go b/cli/login.go
index f248325f8..556702356 100644
--- a/cli/login.go
+++ b/cli/login.go
@@ -32,6 +32,7 @@ type LoginCommandInput struct {
 	FederationTokenDuration time.Duration
 	AssumeRoleDuration      time.Duration
 	Region                  string
+	Path                    string
 }
 
 func ConfigureLoginCommand(app *kingpin.Application) {
@@ -46,6 +47,9 @@ func ConfigureLoginCommand(app *kingpin.Application) {
 		Short('t').
 		StringVar(&input.MfaToken)
 
+	cmd.Flag("path", "The AWS service you would like access").
+		StringVar(&input.Path)
+
 	cmd.Flag("federation-token-ttl", "Expiration time for aws console session").
 		Default("12h").
 		OverrideDefaultFromEnvar("AWS_FEDERATION_TOKEN_TTL").
@@ -80,6 +84,7 @@ func LoginCommand(app *kingpin.Application, input LoginCommandInput) {
 		AssumeRoleDuration: input.AssumeRoleDuration,
 		MfaToken:           input.MfaToken,
 		MfaPrompt:          input.MfaPrompt,
+		Path:               input.Path,
 		NoSession:          true,
 		Config:             awsConfig,
 		Region:             profile.Region,
@@ -124,7 +129,7 @@ func LoginCommand(app *kingpin.Application, input LoginCommandInput) {
 		return
 	}
 
-	loginURLPrefix, destination := generateLoginURL(provider.Region)
+	loginURLPrefix, destination := generateLoginURL(provider.Region, input.Path)
 
 	req, err := http.NewRequest("GET", loginURLPrefix, nil)
 	if err != nil {
@@ -218,7 +223,7 @@ func getFederationToken(creds credentials.Value, d time.Duration, region string)
 	return resp.Credentials, nil
 }
 
-func generateLoginURL(region string) (string, string) {
+func generateLoginURL(region string, path string) (string, string) {
 	loginURLPrefix := "https://signin.aws.amazon.com/federation"
 	destination := "https://console.aws.amazon.com/"
 
@@ -232,10 +237,17 @@ func generateLoginURL(region string) (string, string) {
 			loginURLPrefix = "https://signin.amazonaws-us-gov.com/federation"
 			destinationDomain = "console.amazonaws-us-gov.com"
 		}
-		destination = fmt.Sprintf(
-			"https://%s.%s/console/home?region=%s",
-			region, destinationDomain, region,
-		)
+		if path != "" {
+			destination = fmt.Sprintf(
+				"https://%s.%s/%s?region=%s",
+				region, destinationDomain, path, region,
+			)
+		} else {
+			destination = fmt.Sprintf(
+				"https://%s.%s/console/home?region=%s",
+				region, destinationDomain, region,
+			)
+		}
 	}
 	return loginURLPrefix, destination
 }
diff --git a/vault/provider.go b/vault/provider.go
index 1bb4cf5e8..2b94363eb 100644
--- a/vault/provider.go
+++ b/vault/provider.go
@@ -36,6 +36,7 @@ type VaultOptions struct {
 	Config             *Config
 	MasterCreds        *credentials.Value
 	Region             string
+	Path               string
 }
 
 func (o VaultOptions) Validate() error {