TLDR

  • CloudShell is a neat little browser-based terminal option for quick tasks where you may not want to grab credentials and authenticate in a local terminal window. Best of all: it doesn't cost anything.
  • There are still some limitations, such as regional bounds, but the built-in toolset is impressive. Plus, the service lets you use a package manager to install more.
  • Using S3 and tmux, CloudShell persists your home directory and lets you resume sessions over time.
  • Some terminal-based tools don't render 100% correctly or work completely.

Even in the world of M3 Macs and high-end Lenovo laptops, we're still seeing a surge of browser-based compute environments. Among these is AWS CloudShell. First launched in 2020, what was a pretty simple terminal now runs Amazon Linux 2023, comes with a suite of pre-installed tools and even has the ability to upload and download files.

CloudShell dramatically simplifies a lot of the work of getting up and running in AWS. It's not perfect, but it's a pretty handy tool to have in the belt that I'm finding myself using more and more.

Official image describing CloudShell, courtesy of AWS

Key Features

CloudShell seamlessly uses Systems Manager's Session Manager service to connect you to a compute instance somewhere in the region you're connected to. The terminal window feels very smooth, given its browser foundation. Large clipboard contents (up to 65k characters) can be pasted into the terminal. It is also aware of multi-line pasting and, by default, asks before pasting content that spans multiple lines.

The terminal supports two basic themes: a light mode and a dark mode. It can adjust its text size to some degree, too. Surprisingly, there's also some support for keyboard navigation in CloudShell for accessibility purposes.

One of my favorite features is session restore. Work you are doing persists through closed tabs or refreshes until the session times out, which is 30 or so minutes without human interaction in the session. I accidentally close tabs or refresh often, so it's pretty useful knowing that it won't end my session.

As mentioned above, CloudShell comes with an already installed suite of tools. The full list is here, but to name a few:

  • Several different shells, including Zsh and PowerShell
  • Various AWS CLI tools, including the primary CLI tool and SAM CLI
  • Node, Python, and Docker
  • Git, Make, tar, wget, and tmux

Interestingly enough, you can also use dnf to install more tools.

The last interesting feature I briefly want to touch on is the ability to split the screen into multiple columns and rows. This mirrors the functionality I frequently use in iTerm2. The keyboard shortcuts to swap between the frames aren't my favorite, but it's doable: Ctrl+M, then Tab, to get to the terminal. Hopefully, in future versions, different keyboard shortcuts will be supported.

3 terminal frames, all inside my browser

Integration with AWS Services

Since you connect to CloudShell after you have authenticated into the AWS Console, CloudShell leverages the IAM permissions you already have. This creates a seamless experience between the Console and the terminal.

CloudShell instances also have the AWS CLI and SAM CLI installed for even easier adoption. I can pull up the CloudShell terminal, query data in S3 quite fast, and then use the terminal to filter EC2 instances because that parameter set on the CLI always stumps me.


Cybersecurity In CloudShell

CloudShell has a strong security footprint. All of the data in the personal storage uses KMS for encryption. Data is also encrypted in transit by default.

I wish there were more auditing data available, such as command logging, which you can configure with Systems Manager for normal sessions, but with CloudShell, only normal CloudTrail data is available.
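The following added example, which is not the author's or AWS's code, shows what that CloudTrail data can still answer: who used CloudShell, in which regions, which calls were denied, and when files were uploaded or downloaded. The sample records are constructed, and the event source and event names are assumptions based on the CloudShell API action names; commands typed inside the shell are not part of this data.

```python
import json
from collections import defaultdict

# Constructed sample records in the standard CloudTrail record layout (not real
# log data). Assumption: CloudShell events use eventSource
# "cloudshell.amazonaws.com" and event names matching the CloudShell IAM actions.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:00:02Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "CreateSession", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Dev/alice"}},
    {"eventTime": "2024-05-01T09:14:40Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "GetFileDownloadUrls", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Dev/alice"}},
    {"eventTime": "2024-05-01T09:20:11Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/Dev/alice"}},
    {"eventTime": "2024-05-01T11:02:30Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "CreateEnvironment", "awsRegion": "eu-west-1",
     "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# Event names are compared case-insensitively because their casing is an assumption.
TRANSFER_EVENTS = {"getfiledownloadurls": "download", "getfileuploadurls": "upload"}

def summarize_cloudshell(trail_json):
    """Group CloudShell control-plane events per principal; flag transfers and denials."""
    summary = defaultdict(
        lambda: {"events": 0, "regions": set(), "transfers": [], "denied": 0})
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != "cloudshell.amazonaws.com":
            continue  # skip events from other services
        entry = summary[rec.get("userIdentity", {}).get("arn", "unknown")]
        entry["events"] += 1
        entry["regions"].add(rec.get("awsRegion", "unknown"))
        if rec.get("errorCode"):
            entry["denied"] += 1  # failed calls carry an errorCode field
        direction = TRANSFER_EVENTS.get(rec.get("eventName", "").lower())
        if direction:
            entry["transfers"].append(
                (rec.get("eventTime"), direction, rec.get("sourceIPAddress")))
    return dict(summary)

if __name__ == "__main__":
    for arn, info in summarize_cloudshell(SAMPLE_TRAIL).items():
        print(arn, info)
```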

Also important is that you don't have any control over network restrictions as you would with an EC2 instance or local network.

The team includes a Security FAQ in the user guide, but it's pretty slim.


CloudShell Tips and Tricks

Make it your own

Install the tools you feel comfortable with. For me, I like top and htop and all, but having a more visual tool such as bpytop can help with tracing CPU, memory, and network resources. Regrettably, it isn't 100% perfect. Note the misalignment, but it still is functioning, and I'm almost sure I can fix it after messing around with some of the features.

Fully Use What You Have

Leverage the integrated services to your advantage. Store and fetch data from S3 like it's an external drive on your laptop. Tail logs from CloudWatch groups. Use it as you move across the AWS Console when the console doesn't give you what you actually want.


References