AWS CloudShell : The new way to access AWS Resources

2021.03.30

This article was published more than a year ago. Please note that the information may be out of date.

This article talks about a new developer tool launched at AWS re:Invent 2020 that makes managing our AWS environment feel like A WALK IN THE PARK.

What led to the birth of CloudShell

Using the AWS Console, or staying within the web browser, feels like home: comforting and easy to access and operate. YET SOMETIMES WE ALL NEED a command-line interface, because the power and flexibility of the CLI are unparalleled by the console when we need to try a new AWS feature or service, update the configuration of a deployment, configure our CLI for various AWS account profiles and roles, or use the famous Serverless Framework for LAMBDA functions.

All this hassle adds complexity, difficulty, and resistance to our stunning AWS journey and learning curve, and more maintenance on our local machines.

What is CloudShell?

AWS CloudShell is a pre-authenticated (with the console credentials from which it is launched), configured, browser-based shell. It provides a shell prompt (behind the scenes, a compute environment based on Amazon Linux 2 is created to provide the shell experience) that enables us to interact with our AWS resources quickly and securely.

For a 5-year-old kid: "Access to a shell prompt within the web browser, within the console, no more dealing with AWS credentials, time-consuming configuration, public keys and so forth."

Why it is so Amazing!

Skip configuring CREDENTIALS

AWS Console is used to launch CloudShell, so the credentials we used for signing in to the console are forwarded to CloudShell. This is a great advantage for people who use multiple roles and profiles to access AWS resources. Clearly NO MORE CONFIGURING CREDENTIALS.

Pricing and tools

  • CloudShell is absolutely FREE to use.
  • It supports Bash, PowerShell, and Z shell. It also supports leading software languages, enabling you to run Node.js, .NET Core and Python projects, and includes tools and utilities such as git, make, pip, sudo, tar, tmux, vim, wget, and zip.
  • CloudShell has the AWS Command Line Interface (CLI) (v2), AWS Elastic Beanstalk CLI, Amazon ECS CLI, and AWS SAM installed and configured, so you can run AWS CLI commands without any kind of installation.
  • For installing third-party software, all AWS CloudShell users have sudo privileges. Hence, the sudo command can be used to install software that's not already available in the shell's compute environment.

1 GB Persistent Storage

CloudShell offers 1 GB of persistent storage per region. Persistent here means that data stored in persistent storage stays between shell sessions, while all data stored in any other storage is deleted once the current session ends. Persistent storage is the user's $HOME directory.

NOTE:- Data is retained in the persistent storage of that Region for 120 days after the end of your last session. After 120 days, unless you take action, your data will be automatically deleted from the persistent storage of that Region.

Uploading and Downloading file/files

The CloudShell interface makes it super easy to upload and download files between the local machine and the shell environment, one file at a time. To copy multiple files at the same time, a user can use an S3 bucket or Zip files.

Security

  • Nothing beats Cloud and its security at AWS. System administrators can create IAM policies that specify access to AWS CloudShell and its environment's features, such as what actions a user can perform with the shell environment. This can be done with an AWS-managed policy along with an inline policy to manage the scope of actions.

For example, you can allow users to access AWS CloudShell:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CloudShellUser",
        "Effect": "Allow",
        "Action": [
            "cloudshell:*"
        ],
        "Resource": "*"
    }]
}

Or, the policy that allows users to access AWS CloudShell but blocks them from uploading and downloading files in the shell environment:

{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "CloudShellUser",
        "Effect": "Allow",
        "Action": [
            "cloudshell:*"
        ],
        "Resource": "*"
    }, {
        "Sid": "DenyUploadDownload",
        "Effect": "Deny",
        "Action": [
            "cloudshell:GetFileDownloadUrls",
            "cloudshell:GetFileUploadUrls"
        ],
        "Resource": "*"
    }]
}

NOTE:- The pre-authentication feature of AWS CloudShell makes it very convenient to use the AWS CLI. But an IAM user still requires explicit permissions for the AWS services that are called from the command line.
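How the second policy above resolves, and why the note about explicit permissions matters, shown as an added example that is not part of the original article or of AWS's own tooling. It is a simplified model of IAM evaluation for a single identity-based policy; the sample action names `cloudshell:CreateSession` and `s3:ListBucket` are chosen here for illustration.

```python
import json
import re

# Same two statements as the second policy above (whitespace compacted).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "CloudShellUser", "Effect": "Allow",
   "Action": ["cloudshell:*"], "Resource": "*"},
  {"Sid": "DenyUploadDownload", "Effect": "Deny",
   "Action": ["cloudshell:GetFileDownloadUrls", "cloudshell:GetFileUploadUrls"],
   "Resource": "*"}
]}
""")

# Constructed sample requests: the first and last are illustrative assumptions,
# the middle two are the actions named in the policy's Deny statement.
SAMPLE_ACTIONS = [
    "cloudshell:CreateSession",
    "cloudshell:GetFileDownloadUrls",
    "cloudshell:GetFileUploadUrls",
    "s3:ListBucket",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    """IAM-style action match: case-insensitive, '*' = any run, '?' = one char."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def evaluate(policy, action):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one action.

    Simplified model: one identity-based policy; Resource, Condition,
    NotAction, SCPs and permissions boundaries are not evaluated.
    """
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

if __name__ == "__main__":
    for action in SAMPLE_ACTIONS:
        print(f"{action:34} {evaluate(POLICY, action)}")
```

The `ImplicitDeny` result for the S3 action is the note in practice: this policy alone lets a user open the shell, but every service call made from it needs its own Allow.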

  • Encryption at Rest and in transit.

Things to Remember with CloudShell

  • Currently, AWS CloudShell is available in the following AWS Regions:
    • US East (Ohio)
    • US East (N. Virginia)
    • US West (Oregon)
    • Asia Pacific (Tokyo)
    • Europe (Ireland)
  • You can run a maximum of 10 shells at the same time in each AWS Region at no charge.
  • If you don't interact with the shell using your keyboard or pointer for approximately 20–30 minutes, your shell session will end.
  • A shell session that's been running for approximately 12 hours will automatically end, even if the user is regularly interacting with it during that period.
  • Only outbound connections are allowed, no inbound connections; users cannot access inbound ports, and no public IP address is available for a cloud session.
  • Incorrectly modifying files that are required by the compute environment can cause trouble for the AWS CloudShell environment; in such cases, delete your home directory to regain access.
  • Last but not least, AWS CloudShell allows customizing your AWS CloudShell experience.

Conclusion

Here we saw how AWS CloudShell makes our access to AWS Resources easy, frictionless, convenient, secure, and powerful. All we need is a browser, and we can use CloudShell from any place and any device.

Till then happy learning :)