Introduction
AWS CloudShell was announced during Werner Vogels' keynote at AWS re:Invent 2020.
AWS CloudShell – Command-Line Access to AWS Resources
https://aws.amazon.com/jp/blogs/aws/aws-cloudshell-command-line-access-to-aws-resources/
AWS CloudShell is a browser-based shell that can be launched directly from the AWS management console.
You can use Bash, PowerShell, or Z shell, and the environment comes preconfigured with the AWS CLI and tools for other major development languages.
The preinstalled tools are listed in the following document.
AWS CloudShell compute environment: specifications and software
https://docs.aws.amazon.com/cloudshell/latest/userguide/vm-specs.html
kubectl, for example, is not installed.
So let's set up a working environment for Amazon EKS ourselves.
Is the installation of additional software in a shell environment supported?
Yes, but it must be managed by the user. (Shared Responsibility model)
Setting up
Just click the CloudShell icon in the management console to launch CloudShell.
- I installed what I could think of for now.
- Please change the version as needed.
- This article does not discuss how to link clusters and IAM users/roles.
- If you want Docker, use Cloud9!
The installation directory is set to $HOME/.local/bin because $HOME is the persistent storage that is maintained between sessions. (See the second half of this article for details.)
# Create directory
mkdir -p $HOME/.local/bin
cd $HOME/.local/bin
# kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.18.13/bin/linux/amd64/kubectl
chmod +x kubectl
# Create $HOME/.kube/config
aws eks update-kubeconfig --name <YOUR_CLUSTER_NAME>
# eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl $HOME/.local/bin
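# helm
# VERIFY_CHECKSUM=false makes the installer script skip checksum verification of the downloaded Helm archive
export VERIFY_CHECKSUM=false
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# The script installs to /usr/local/bin, which is not persistent, so move the binary under $HOME
sudo mv /usr/local/bin/helm $HOME/.local/bin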
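The downloads above are installed without an integrity check, and anything placed in $HOME/.local/bin persists across sessions. As an added example (not from the original article), the hypothetical helpers sha256_of and install_verified below install a file only when its SHA-256 matches a digest obtained from the publisher; <PUBLISHED_SHA256> is a placeholder.

```shell
#!/usr/bin/env bash
# Added example. sha256_of and install_verified are hypothetical helpers,
# not part of the AWS CLI, kubectl, eksctl or Helm.

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified FILE EXPECTED_SHA256 [DEST_DIR]
# Installs FILE (mode 0755) into DEST_DIR only if its digest matches.
# Returns 0 on success, 1 on mismatch, 2 on bad input.
install_verified() {
    local file expected dest actual
    file=$1
    dest=${3:-$HOME/.local/bin}
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    # Digest files often read "<hex>  <name>": keep field 1, lowercased.
    expected=$(printf '%s\n' "$2" | awk 'NR == 1 {print tolower($1)}')
    # Anything that is not exactly 64 hex characters is rejected, e.g. an
    # HTML error page that was saved in place of the digest file.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && install -m 0755 "$file" "$dest/"
}

# Usage (the digest is a placeholder; take it from the publisher's release page):
#   install_verified ./kubectl "<PUBLISHED_SHA256>"
```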
Packages installed by yum cannot be placed in persistent storage ($HOME), so they need to be installed for each new session.
You can write a command in your .bash_profile to automatically install them when you start CloudShell.
I want to use kubectl completion, so I installed bash-completion.
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
    . ~/.bashrc
fi
# User specific environment and startup programs
PATH=$PATH:$HOME/.local/bin:$HOME/bin
export PATH
# Install at startup
sudo yum install -y bash-completion > /dev/null 2>&1
The kubectl completion configuration can be saved to persistent storage.
kubectl completion bash > $HOME/.bash_completion
Notes on CloudShell
Persistent storage
- CloudShell can use 1 GB of persistent storage per region.
- Persistent storage is located in your home directory ($HOME) and is private. (It is not shared among users.)
- Only this area is guaranteed to be retained between sessions.
- Software and other data stored in directories other than the home directory will not be retained at the end of a session.
- The data in the persistent storage will be deleted after 120 days from the end of the last session.
CloudShell access permissions
As with any service, you need to explicitly grant CloudShell access to the target IAM user/role.
It is easiest to use the AWSCloudShellFullAccess AWS managed policy, but if you want to restrict file upload/download via CloudShell, you can use a custom policy like the following.
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "CloudShellUser",
    "Effect": "Allow",
    "Action": [
      "cloudshell:*"
    ],
    "Resource": "*"
  }, {
    "Sid": "DenyUploadDownload",
    "Effect": "Deny",
    "Action": [
      "cloudshell:GetFileDownloadUrls",
      "cloudshell:GetFileUploadUrls"
    ],
    "Resource": "*"
  }]
}
Permissions to access AWS services from within CloudShell.
CloudShell automatically uses the IAM credentials you used to sign in to the AWS Management Console.
This means that the operating IAM user/role must have explicit permission to access the target AWS service.
Reference
AWS CloudShell - User Guide
https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html