What is AWS CloudShell? - AWS CloudShell

What is AWS CloudShell?

AWS CloudShell is a browser-based, pre-authenticated shell that you can launch directly from the AWS Management Console. You can run AWS CLI commands against AWS services using your preferred shell (Bash, PowerShell, or Z shell). And you can do this without needing to download or install command line tools.

   AWS CloudShell interface after launch

When you launch AWS CloudShell, a compute environment that's based on Amazon Linux 2 is created. Within this environment, you've access to an extensive range of pre-installed development tools, options for uploading and downloading files, and file storage that persists between sessions.

(Try it now: Tutorial: Getting started with AWS CloudShell.)

AWS CloudShell features

AWS Command Line Interface

You launch AWS CloudShell from the AWS Management Console, and the AWS credentials you used to sign in to the console are automatically available in a new shell session. This pre-authentication of AWS CloudShell users allows you to skip configuring credentials when interacting with AWS services using AWS CLI version 2 (pre-installed on the shell's compute environment).

For more information on interacting with AWS services using the command-line interface, see Working with AWS services in AWS CloudShell.

Shells and development tools

With the shell that's created for AWS CloudShell sessions, you can switch seamlessly between your preferred command-line shells. More specifically, you can switch between Bash, PowerShell, and Z shell. You also have access to pre-installed tools and utilities such as git, make, pip, sudo, tar, tmux, vim, wget, and zip.

The shell environment is pre-configured with support for leading software languages, enabling you to run Node.js and Python projects, for example, without first having to perform runtime installations. PowerShell users can use the .NET Core runtime.

Files created in or uploaded to AWS CloudShell can also be committed to a local repository before being pushed to a remote repository managed by AWS CodeCommit.

For more information, see AWS CloudShell compute environment: specifications and software.

Persistent storage

When using AWS CloudShell you have persistent storage of 1 GB for each AWS Region at no additional cost. The persistent storage is located in your home directory ($HOME) and is private to you. Unlike ephemeral environment resources that are recycled after each shell session ends, data in your home directory persists between sessions.

For more information about the retention of data in persistent storage, see Persistent storage.


The AWS CloudShell environment and its users are protected by specific security features such as IAM permissions management, shell session restrictions, and Safe Paste for text input.

Permissions management with IAM

Administrators can grant and deny permissions to AWS CloudShell users using IAM policies. Administrators can also create policies that specify at a granular level the particular actions those users can perform with the shell environment. For more information, see Managing AWS CloudShell access and usage with IAM policies.

Shell session management

Inactive and long-running sessions are automatically stopped and recycled. For more information, see Shell sessions.

Safe Paste for text input

Enabled by default, Safe Paste is a security feature that asks you to verify that multiline text that you're about to paste into the shell doesn't contain malicious scripts. For more information, see Using Safe Paste for multiline text.

Customization options

Your AWS CloudShell experience can be customized by changing screen layouts (multiple tabs), text sizes, and light/dark interface themes. For more information, see Customizing your AWS CloudShell experience.

You can also extend your shell environment by installing your own software and modifying start-up shell scripts.


AWS CloudShell is an AWS service that's available at no additional charge. You pay for any other AWS resources that you run with AWS CloudShell. Standard data transfer rates also apply.

For more information, see Service quotas and restrictions for AWS CloudShell.

How do I get started?

To start working with the shell, sign in to the AWS Management Console and choose AWS CloudShell from the home page.

    Choosing AWS CloudShell in the AWS Management Console.

For a walkthrough of signing in to the AWS Management Console and performing key tasks with AWS CloudShell, see Tutorial: Getting started with AWS CloudShell.

Key AWS CloudShell topics