AWS CloudShell
AWS CloudShell is a free Linux terminal that runs inside your web browser, right next to the AWS Management Console (AWS’s web dashboard for managing your cloud). It is already signed in as you, and the AWS CLI (Command Line Interface — a tool that lets you control AWS by typing commands) is already installed. That means you can run AWS commands in seconds without installing anything, configuring keys, or trusting your laptop. It is the fastest way to go from “I have an idea” to “I ran the command.”
What CloudShell actually is
Think of CloudShell as a small, temporary Linux computer that AWS spins up for you in the browser. When you open it, AWS gives you a shell session (a command-line environment) that already knows who you are. The credentials come from the same console login you used, so there are no access keys to copy or leak.
It comes loaded with common tools out of the box: the AWS CLI v2, Python, Node.js, Git, jq (a tool for reading JSON output), and the bash, zsh, and PowerShell shells. You also get a small amount of saved disk space in your home folder, so files you create can survive between sessions (with limits — see the gotcha below).
When to use CloudShell (and when not to)
Use CloudShell when you want to run a few AWS commands quickly and you do not want to set up anything locally. It is perfect for learning, for one-off tasks, for troubleshooting from any machine, and for situations where installing the CLI is not allowed (like a locked-down work laptop).
Reach for a local CLI install instead when you do real, repeated work: scripting, automation, deploying from a CI/CD pipeline (a system that builds and ships code automatically), or anything where you need your own editor, your own files, and full speed.
| AWS CloudShell | Local AWS CLI | |
|---|---|---|
| Setup | None — open and type | Install CLI + configure credentials |
| Sign-in | Inherits your console login | You manage access keys / SSO |
| Best for | Quick commands, learning, troubleshooting | Daily work, scripting, automation |
| Persistence | 1 GB home dir, reclaimed when idle | Your full machine, always there |
| Cost | Free | Free (you pay for what your commands create) |
| Offline use | No (needs the browser console) | Yes |
Tip: CloudShell is great for “I just need to check one thing.” If you find yourself opening it every day, that is a sign you should install the CLI locally.
How to open CloudShell
From the AWS Management Console:
- Sign in to the AWS Management Console.
- Look at the top navigation bar. Click the terminal icon (a
>_square) next to the search box. - Wait a few seconds while AWS prepares your environment for this Region (a geographic location where AWS runs its data centers).
- A black terminal panel opens at the bottom of the screen. You are now logged in and ready to type.
There is no CLI command to “open CloudShell” — it is a console feature. But once you are inside it, you run the normal AWS CLI.
Confirming who you are
The first thing worth doing inside any shell is checking which identity you are using. CloudShell inherits your console permissions, so this tells you exactly what you are allowed to do.
aws sts get-caller-identityOutput:
{
"UserId": "AIDA0A1B2C3D4E5F6G7H8",
"Account": "123456789012",
"Arn": "arn:aws:iam::123456789012:user/jaswinder"
}The Arn (Amazon Resource Name — a unique ID for anything in AWS) confirms the user. The Account is your 12-digit account number. If this matches your console login, everything is wired up correctly.
Running real commands
Because the CLI is pre-installed and authenticated, you can immediately do useful work. For example, list your S3 buckets (S3 is AWS’s file storage service):
aws s3 lsOutput:
2026-01-12 09:14:33 my-app-assets
2026-03-04 17:42:01 devcraftly-backupsOr list your EC2 instances (EC2 is AWS’s virtual server service), pulling out just the fields you care about with jq:
aws ec2 describe-instances \
--query "Reservations[].Instances[].{Id:InstanceId,State:State.Name,Type:InstanceType}" \
--output tableOutput:
-----------------------------------------------
| DescribeInstances |
+----------------+------------+---------------+
| Id | State | Type |
+----------------+------------+---------------+
| i-0a1b2c3d4e5f| running | t3.micro |
+----------------+------------+---------------+Region matters
CloudShell runs in one Region at a time, and your CLI commands act on that Region by default. The current Region is shown in the top-right corner of the console. If you switch Regions in the console, CloudShell restarts a fresh environment for the new Region.
You can always override the Region for a single command with --region:
aws ec2 describe-instances --region us-east-1Note: CloudShell is not available in every Region. If the terminal icon is missing or greyed out, switch to a supported Region (such as
us-east-1) and try again.
The storage gotcha
This is the most important thing to remember. CloudShell gives you 1 GB of persistent storage in your home directory (/home/cloudshell-user). Files there survive between sessions. Everything else does not.
If you do not use CloudShell for a while (about 20-30 minutes of inactivity ends the session, and roughly 120 days without using CloudShell at all), AWS reclaims the environment. Anything outside your 1 GB home directory is wiped, and if the whole environment is reclaimed, even the home directory is deleted.
Warning: Never treat CloudShell as a safe place to store anything important. Do not keep the only copy of a script, a key file, or data there. Push code to Git, store data in S3, and treat the shell as disposable.
To move a file you created in CloudShell somewhere durable, copy it to S3:
aws s3 cp my-script.sh s3://devcraftly-backups/scripts/my-script.shOutput:
upload: ./my-script.sh to s3://devcraftly-backups/scripts/my-script.shUploading and downloading files
CloudShell has a built-in Actions menu in the terminal toolbar. Use Actions -> Upload file to push a file from your computer into the shell, and Actions -> Download file to pull one out (you type the file path, like /home/cloudshell-user/results.txt). This is handy when you do not want to route a file through S3.
Cost
CloudShell itself is completely free — there is no charge for the compute, the shell, or the 1 GB of storage. You only pay for the AWS resources your commands create. For example, aws s3 ls is free, but if you run a command that launches an EC2 instance, you pay for that instance just as you would anywhere else.
Best practices
- Run
aws sts get-caller-identityfirst to confirm which account and identity you are using before making changes. - Treat the environment as disposable — keep nothing important in it, and back up anything you create to S3 or Git.
- Watch the Region indicator; commands hit your current Region unless you pass
--region. - Use CloudShell for quick, exploratory, or emergency tasks; install the CLI locally for daily and automated work.
- Use
--output tableorjqto make long JSON results readable while you learn. - Sign out or close the tab when done — the session is tied to your live console login.