Troubleshooting AWS CloudShell - AWS CloudShell

Troubleshooting AWS CloudShell

Use the following information to help you identify and address issues with AWS CloudShell.

If your issue isn't listed, or if you need additional help, see the AWS CloudShell Discussion Forum. (When you enter this forum, AWS might require you to sign in.) You can also contact us directly.

Unable to launch AWS CloudShell with message "Unable to start the environment. You don't have access permissions. Ask your IAM administrator for access to AWS CloudShell."

Issue: When you try to launch AWS CloudShell from the AWS Management Console, you're denied access and notified you don't have permissions.

Cause: The IAM identity that you're using to access AWS CloudShell lacks the necessary IAM permissions.

Solution: Ask your IAM administrator to grant you the necessary permissions, either through an attached AWS managed policy (AWSCloudShellFullAccess) or an embedded inline policy. For more information, see Managing AWS CloudShell access and usage with IAM policies.


Error when calling an AWS CLI command in PowerShell: "No credentials specified or obtained from persisted/shell defaults."

Issue: When you call an AWS command from the PowerShell command line, a credentials error is returned instead of the expected response from the AWS service.

Cause: A credentials error occurs if PowerShell is unable to find the AWS credentials that are required for an AWS CLI command. For Linux operating systems, AWS credentials are usually stored in ~/.aws/config.

Solution: You can resolve this issue by creating a config file with a profile that gets the temporary credentials that are required by the AWS CLI.


The AWS.Tools package and the modules for AWS services are installed in your home directory. You don't have to re-install them after the current session ends.

  1. In AWS CloudShell, switch to PowerShell:

  2. Install the AWS.Tools installer package:

    PS /home/cloudshell-user> Install-Module -Name AWS.Tools.Installer
  3. Install AWS.Tools modules for Amazon EC2 and Amazon S3:

    PS /home/cloudshell-user> Install-AWSToolsModule AWS.Tools.EC2,AWS.Tools.S3 -CleanUp
  4. Create a directory and use the touch command to create an empty config file in it:

    PS /home/cloudshell-user> mkdir ~/.aws
    PS /home/cloudshell-user> touch ~/.aws/config
  5. Next, edit the config file in a text editor (vim is pre-installed) and add the following:

    [profile pwsh]
    credential_process = bash -c 'curl -H "X-aws-ec2-metadata-token: $AWS_CONTAINER_AUTHORIZATION_TOKEN" -v $AWS_CONTAINER_CREDENTIALS_FULL_URI | jq "{AccessKeyId: .AccessKeyId, SecretAccessKey: .SecretAccessKey, SessionToken: .Token, Expiration: .Expiration, Version: 1"}'

    When you're finished, save the file and return to the command line.

  6. Now use Set-AWSCredential to specify the pwsh profile for the current session:

    PS /home/cloudshell-user> Set-AWSCredential -ProfileName pwsh
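
The `credential_process` line in step 5 reshapes the endpoint's response into the JSON that the profile expects. The following is an added example, not part of the original page or AWS's own code: a Python helper that does the same mapping but fails closed when a field is missing and never writes credential values to stderr. The file name `cloudshell_creds.py` is hypothetical, and the response field names are assumed to be the ones used in the jq filter above.

```python
#!/usr/bin/env python3
"""credential_process helper for AWS CloudShell (added example; hypothetical file)."""
import json
import os
import sys
import urllib.request

# Endpoint field -> credential_process field, as in the jq filter from step 5.
FIELD_MAP = {
    "AccessKeyId": "AccessKeyId",
    "SecretAccessKey": "SecretAccessKey",
    "Token": "SessionToken",
    "Expiration": "Expiration",
}

def to_credential_process(endpoint_json: str) -> str:
    """Convert the endpoint response into credential_process JSON, or raise."""
    data = json.loads(endpoint_json)
    if not isinstance(data, dict):
        raise ValueError("credential response is not a JSON object")
    missing = [k for k in FIELD_MAP if not isinstance(data.get(k), str) or not data[k]]
    if missing:
        # Name the missing fields only; never echo credential values.
        raise ValueError("credential response lacks: " + ", ".join(missing))
    out = {"Version": 1}
    out.update({dst: data[src] for src, dst in FIELD_MAP.items()})
    return json.dumps(out)

def fetch_endpoint_json() -> str:
    """Query the same URI, with the same header, as the curl command in step 5."""
    uri = os.environ["AWS_CONTAINER_CREDENTIALS_FULL_URI"]
    token = os.environ["AWS_CONTAINER_AUTHORIZATION_TOKEN"]
    req = urllib.request.Request(uri, headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")

def main() -> int:
    try:
        print(to_credential_process(fetch_endpoint_json()))
        return 0
    except Exception as exc:
        # Error type and message only; the response body is never printed.
        print(f"credential helper failed: {type(exc).__name__}: {exc}", file=sys.stderr)
        return 1

if __name__ == "__main__":
    sys.exit(main())
```

To use it, save the file in your home directory and set `credential_process` in the `pwsh` profile to run it with `python3` instead of the curl pipeline.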


Unable to access AWS CloudShell command line.

Issue: After modifying a file that the compute environment uses, you're unable to access the command line in AWS CloudShell.

Solution: If you do lose access after incorrectly modifying .bashrc or any other file, you can return AWS CloudShell to its default settings by deleting your home directory.


Unable to ping external IP addresses.

Issue: When you run a ping command from the command line (ping, for example), you receive the following message:

ping: socket: Operation not permitted

Cause: The ping utility uses Internet Control Message Protocol (ICMP) to send echo request packets to a target host. It then waits for an echo reply from the target. Because ICMP isn't enabled in AWS CloudShell, the ping utility doesn't operate in the shell's compute environment.
