Troubleshooting AWS CloudShell - AWS CloudShell

Troubleshooting AWS CloudShell

Use the following information to help you identify and address issues with AWS CloudShell.

If your issue isn't listed, or you need additional help, see the AWS CloudShell Discussion Forum. (When you enter this forum, AWS might require you to sign in.) You can also contact us directly.

Unable to launch AWS CloudShell with message "Unable to start the environment. You don't have access permissions. Ask your IAM administrator for access to AWS CloudShell."

Issue: When you try to launch AWS CloudShell from the AWS Management Console, you're denied access and notified you don't have permissions.

Cause: The IAM identity that you're using to access AWS CloudShell lacks the necessary IAM permissions.

Solution: Request that your IAM administrator provides you with the necessary permissions, either through an attached AWS managed policy (AWSCloudShellFullAccess) or an embedded inline policy. For more information, see Managing AWS CloudShell access and usage with IAM policies.

(back to top)

Unable to access AWS CloudShell command line.

Issue: After modifying a file that the compute environment uses, you're unable to access the command line in AWS CloudShell.

Solution: If you do lose access after incorrectly modifying .bashrc or any other file, you can return AWS CloudShell to its default settings by deleting your home directory.

(back to top)

Unable to ping external IP addresses.

Issue: When you run a ping command from the command line (ping amazon.com, for example), you receive the following message:

ping: socket: Operation not permitted

Cause: The ping utility uses Internet Control Message Protocol (ICMP) to send echo requests packets to a target host. It waits for an echo to reply from the target. Because the ICMP protocol isn't enabled in AWS CloudShell, the ping utility doesn't operate in the shell's compute environment.

(back to top)

"There were some issues preparing your terminal" error.

Issue: When trying to access AWS CloudShell using the Microsoft Edge browser, you're unable to start a shell session and the browser displays an error message.

Cause: AWS CloudShell isn't compatible with older versions of Microsoft Edge. You can access AWS CloudShell using the latest four major versions of supported browsers.

Solution: Install an updated version of Edge browser from the Microsoft site.

(back to top)

Arrow keys not working correctly in PowerShell.

Issue: In normal operation, arrow keys allow you to navigate the command line interface and scan backwards and forwards through your command history. But when you press arrow keys in certain versions of PowerShell on AWS CloudShell, letters may be incorrectly outputted instead.

Cause: Arrow keys incorrectly outputting letters is a known issue with PowerShell 7.2.x versions running on Linux.

Solution: Edit the PowerShell profile file and set the $PSStyle variable to PlainText to strip out escape sequences that are modifying the behavior of arrow keys:

  1. In the AWS CloudShell command line, enter the following command to open the profile file:

    vim ~/.config/powershell/Microsoft.PowerShell_profile.ps1
    Note

    If you're already in PowerShell, you can also open the profile file in the editor with the following command:

    vim $PROFILE
  2. In the editor, go to the end of the file's existing text, then press i to enter Insert mode, and add the following statement:

    $PSStyle.OutputRendering = 'PlainText'
  3. After you've made the edit, press Esc to enter the command mode. Next, enter the following command to save the file and exit the editor:

    :wq
Note

Your changes take effect the next time you start PowerShell.

(back to top)

Unsupported Web Sockets cause a failure to start CloudShell sessions.

Issue: When trying to start AWS CloudShell, you repeatedly receive the following message: Failed to open sessions : Timed out while opening the session.

Cause: CloudShell depends on the Web Socket protocol, which allows two-way interactive communication between the user's web browser and the CloudShell service in the AWS Cloud. If you're using a browser in a private network, secure access to the Internet is probably facilitated by proxy servers and firewalls. Web Socket communication can usually traverse proxy servers without a problem. But in some cases, proxy servers prevent Web Sockets from working correctly. If this occurs, CloudShell is unable to start a shell session and the attempt to connect eventually times out.

Solution: A connection timeout may be caused by an issue other than unsupported Web Sockets. So, first refresh the browser window that's displaying the CloudShell command-line interface.

If you're still getting timeout errors after the refresh, see the documentation for your proxy server to ensure it's configured to allow Web Sockets. Alternatively, contact your network's system administrator.

Note

If you want to define more granular permissions by allow-listing specific URLs, you can add part of the URL that the AWS Systems Manager session uses to open a WebSocket connection for sending input and receiving outputs. (Your AWS CloudShell commands are sent to that Systems Manager session.)

The format for this StreamUrl used by Systems Manager is wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output).

The region represents the Region identifier for an AWS Region supported by AWS Systems Manager, such as us-east-2 for the US East (Ohio) Region.

Because the session-id is created after a particular Systems Manager session is successfully started, you can only specify wss://ssmmessages.region.amazonaws.com when updating your URL allow-list. For more information, see the StartSession operation in the AWS Systems Manager API Reference.

(back to top)