AWS CloudShell security FAQs - AWS CloudShell

Answers to frequently asked questions about security for this AWS service.

What are the AWS processes and technologies that are used when you launch CloudShell and start a shell session?

When you sign in to the AWS Management Console, you enter your IAM user credentials. When you then launch CloudShell from the console interface, these credentials are used in calls to the CloudShell API that create a compute environment for the service. An AWS Systems Manager session is then created for the compute environment, and CloudShell sends commands to that session.

Is it possible to restrict network access to CloudShell?

Access to CloudShell is managed using AWS Identity and Access Management. You can grant access by attaching the AWSCloudShellFullAccess managed policy to a relevant IAM identity. Alternatively, you can edit an inline policy that's embedded in the IAM identity (user, group, or role).

For more information, see Managing AWS CloudShell access and usage with IAM policies.
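
As an added illustration (not code from the AWS documentation), the Python sketch below checks what a constructed inline policy permits for CloudShell: it allows the service but explicitly denies the two file-transfer permissions. The action names are CloudShell IAM actions that this page does not list, and the evaluation is a simplification that looks only at Effect and Action, ignoring Resource, Condition, NotAction and any other policies attached to the identity.

```python
import json
import re

# Constructed inline policy: allow CloudShell, but block file upload and download.
INLINE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "CloudShellUser", "Effect": "Allow",
     "Action": "cloudshell:*", "Resource": "*"},
    {"Sid": "DenyUploadDownload", "Effect": "Deny",
     "Action": ["cloudshell:GetFileDownloadUrls", "cloudshell:GetFileUploadUrls"],
     "Resource": "*"}
  ]
}
""")

# CloudShell permissions worth reviewing on any identity that has access.
REVIEWED_ACTIONS = [
    "cloudshell:CreateEnvironment",
    "cloudshell:CreateSession",
    "cloudshell:PutCredentials",
    "cloudshell:GetFileDownloadUrls",
    "cloudshell:GetFileUploadUrls",
]

def _as_list(value):
    # Statement and Action may each be a single item or a list.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _action_matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def evaluate(policy, action):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one action."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy.get("Statement")):
        if not any(_action_matches(p, action) for p in _as_list(stmt.get("Action"))):
            continue
        if stmt.get("Effect") == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        if stmt.get("Effect") == "Allow":
            decision = "Allow"
    return decision

def review(policy):
    """Map each reviewed CloudShell action to its decision under the policy."""
    return {action: evaluate(policy, action) for action in REVIEWED_ACTIONS}
```

Calling review(INLINE_POLICY) reports the session and credential actions as allowed and both file-transfer actions as explicitly denied.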

Is it possible to restrict CloudShell access to federated accounts only?

Federated accounts are identities outside of AWS that are granted temporary credentials, which provide access to AWS resources without requiring the creation of IAM users. At present, only IAM users can access CloudShell.

Can I customize my CloudShell environment?

You can download and install utilities and other third-party software for your CloudShell environment. Only software that's installed in your $HOME directory is persisted between sessions.

As defined by the AWS shared responsibility model, you as the customer are responsible for the necessary configuration and management of applications that you install.

Where is my $HOME directory actually stored in the AWS Cloud?

The infrastructure for storing data in your $HOME is provided by Amazon S3.

Is it possible to encrypt my $HOME directory?

The data in your $HOME directory is already encrypted using Amazon S3 Encryption.

Can I run a virus scan on my $HOME directory?

At present, it's not possible to run a virus scan of your $HOME directory. Support for this feature is under review.
