The AWS CLI is an extremely powerful tool to interact with AWS. It offers commands that allow developers to create, update, delete and manage their AWS resources.
Unfortunately, interacting with AWS through the CLI is fraught with frustration. You would need to configure a user through the AWS console and save a pair of keys: an access key ID and a secret access key. These keys are basically the key to the castle, no pun intended, of your AWS account: lose them to the public internet and you risk a bad actor maliciously handling your AWS resources.
You would then need to run a command called aws configure, where you would be prompted to provide these credentials. This is a one-time setup for developers.
This works fine until you have to start juggling many different AWS accounts and users within those accounts. You would have to run aws configure each time and re-configure your CLI for the right user/account.
This experience could be slightly improved by setting up CLI ‘profiles’, so you could then run a modified aws configure command with a profile specified in order to use the right account – cool stuff.
But surely we could do better. And now with AWS CloudShell, we certainly can.
CloudShell Eliminates Permission Headaches
CloudShell is a new component of the AWS console that allows developers to quickly access a cloud-based terminal/command prompt. This makes juggling AWS credentials largely a thing of the past.
Users can launch CloudShell from anywhere in their AWS account by clicking a new console button on the top header menu.
Doing so opens the CloudShell Terminal which comes pre-installed with many useful utilities including:
- AWS CLI
- bash utilities
Additionally, you can upload files to the terminal which will persist from session to session. Keep in mind, though, that your maximum upload limit is 10 GB, so don’t plan on keeping large libraries on there.
This means CloudShell would be a great spot to run ad hoc commands using the AWS CLI, or to maintain and run scripts for your DevOps workflows.
Lastly, the sessions are region-specific, so files stored in one region’s terminal will need to be copied over to another region’s terminal before you can use them there.
Another thing to keep in mind is that the AWS CLI permissions applied to the session are inherited from the user you log in with.
So, for example, if you log in with a user that only has the dynamodb:Query permission, you wouldn’t be able to call the dynamodb:GetItem API.
Keep this in mind and adjust your permissions accordingly.
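The following is an added example, not code from AWS or from the original post: a simplified model of how an identity policy decides which CLI calls a CloudShell session can make, useful as a pre-flight check of the actions a script needs. The policy, table name and account ID are constructed, and the model ignores Resource, Condition, NotAction, permission boundaries and organization-level policies.

```python
import fnmatch
import json

# Constructed sample identity policy: the console user may only Query one table.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:Query",
     "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    # Action names are case-insensitive; '*' and '?' are the only wildcards,
    # so '[' is escaped to stop fnmatch treating it as a character class.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower().replace("[", "[[]"))


def evaluate(policy, action):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one action."""
    decision = "implicitDeny"  # nothing is permitted unless a statement allows it
    for stmt in _as_list(policy["Statement"]):
        if "Action" not in stmt:
            continue  # NotAction statements are outside this simplified model
        if any(_matches(p, action) for p in _as_list(stmt["Action"])):
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit deny always wins
            decision = "allowed"
    return decision


def preflight(policy, needed_actions):
    """Map each action a script needs to its decision under the policy."""
    return {a: evaluate(policy, a) for a in needed_actions}


if __name__ == "__main__":
    needed = ["dynamodb:Query", "dynamodb:GetItem"]
    for action, result in preflight(SAMPLE_POLICY, needed).items():
        print(f"{action:20} {result}")
```

Any action reported as implicitDeny is one the session's user has not been granted, which is the case the dynamodb:GetItem example above describes.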
Overall, CloudShell is a great quality-of-life improvement that helps developers navigate their AWS resources, and a great option to run emergency scripts from.
CloudShell is currently available in the major AWS regions (us-east-1, us-west-2, and eu-west-1). Look forward to further expansion in the coming months.