AWS CloudShell features - AWS CloudShell

AWS CloudShell features

This topic describes how to launch CloudShell from the Console, seamlessly switch between your preferred command line shells, and customize CloudShell to your exact preference. Additionally, you can use up to 1 GB of persistent storage in each AWS Region, and how CloudShell environment is protected by specific security features.

AWS Command Line Interface

You can launch AWS CloudShell from the AWS Management Console. The AWS credentials that you used to sign in to the console are automatically available in a new shell session. Because AWS CloudShell users are pre-authenticated, you don't need to configure credentials when interacting with AWS services using AWS CLI version 2. The AWS CLI is pre-installed on the shell's compute environment.

For more information about interacting with AWS services using the command line interface, see Working with AWS services in AWS CloudShell.

Shells and development tools

With the shell that's created for AWS CloudShell sessions, you can switch seamlessly between your preferred command line shells. More specifically, you can switch between Bash, PowerShell, and Z shell. You also have access to pre-installed tools and utilities. These include git, make, pip, sudo, tar, tmux, vim, wget, and zip.

The shell environment is pre-configured with support for several leading major software languages, such as Node.js and Python. This means that, for example, you can run Node.js and Python projects without first performing runtime installations. PowerShell users can use the .NET Core runtime.

You can commit files that are created in or uploaded to AWS CloudShell to a local repository before pushing these files to a remote repository that's managed by AWS CodeCommit.

For more information, see AWS CloudShell compute environment: specifications and software.

Persistent storage

With AWS CloudShell, you can use up to 1 GB of persistent storage in each AWS Region at no additional cost. Persistent storage is located in your home directory ($HOME) and is private to you. Unlike ephemeral environment resources that are recycled after each shell session ends, data in your home directory persists between sessions.

For more information about the retention of data in persistent storage, see Persistent storage.


CloudShell VPC environments do not have persistent storage. The $HOME directory is deleted when your VPC environment times out (after 20-30 minutes of inactivity), or when you delete or restart your environment.

CloudShell VPC environments

AWS CloudShell virtual private cloud (VPC) enables you to create a CloudShell environment in your VPC. For each VPC environment, you can assign a VPC, add a subnet, and associate one or more security groups. AWS CloudShell inherits the network configuration of the VPC and enables you to use AWS CloudShell securely within the same subnet as other resources in the VPC.


The AWS CloudShell environment and its users are protected by specific security features. This includes such features as IAM permissions management, shell session restrictions, and Safe Paste for text input.

Permissions management with IAM

As administrator, you can grant and deny permissions to AWS CloudShell users using IAM policies. You can also create policies that specify the particular actions that users can perform with the shell environment. For more information, see Managing AWS CloudShell access and usage with IAM policies.

Shell session management

Inactive and long-running sessions are automatically stopped and recycled. For more information, see Shell sessions.

Safe Paste for text input

Safe Paste is enabled by default. This security feature requires that you verify that the multiline text that you want to paste into the shell doesn't contain malicious scripts. For more information, see Using Safe Paste for multiline text.

Customization options

You can customize your AWS CloudShell experience to your exact preference. For example, you can change the screen layouts (multiple tabs), displayed text sizes, and toggle between the light and dark interface themes. For more information, see Customizing your AWS CloudShell experience.

You can also extend your shell environment by installing your own software and modifying start-up shell scripts.

Session restore

The session restore functionality restores sessions that you were running across single or multiple browser tabs in the CloudShell terminal. If you refresh or reopen recently closed browser tabs, this functionality resumes the session until the shell is stopped because of inactive session. To continue using your CloudShell session, press any key within the terminal window. For more information about Shell sessions, see Shell sessions.

Session restore also restores the latest terminal output and running processes in each terminal tabs.


Session restore isn't available in mobile applications.