CloudShell
Simfra includes an in-browser terminal - CloudShell - with the AWS CLI pre-configured. Open it and start running commands immediately. No environment variables, profiles, or endpoint URLs to set up.
Accessing CloudShell
Click the terminal icon in the web console navigation bar, or navigate to /cloudshell in the Simfra UI.
CloudShell opens as a floating panel at the bottom of the page. The panel is draggable and resizable.
Pre-Configured Environment
The following are set automatically inside the shell session:
| Variable | Value |
|---|---|
AWS_ENDPOINT_URL |
Simfra's HTTP endpoint |
AWS_ACCESS_KEY_ID |
Root access key for the selected account |
AWS_SECRET_ACCESS_KEY |
Root secret key for the selected account |
AWS_DEFAULT_REGION |
Currently selected region in the UI |
Run any AWS CLI command without additional configuration:
aws s3 ls
aws ec2 describe-instances
aws lambda list-functions
aws dynamodb scan --table-name my-table
Execution Modes
Docker Mode
When SIMFRA_DOCKER=true, CloudShell runs inside a per-account Docker container. This provides:
- Simfra DNS resolution - Service DNS names (ALB endpoints, RDS hostnames) resolve correctly.
- Network access - The container can reach private resources inside VPC Docker networks.
- Isolation - Each account gets its own container.
Containers are created on first use and recycled after an idle timeout (default 20 minutes, configurable via SIMFRA_CLOUDSHELL_IDLE_TIMEOUT).
PTY Mode
When Docker is not available, CloudShell falls back to PTY mode. It runs a shell process directly on the host machine. DNS resolution and network access to private containers are not available in this mode.
WebSocket Connection
The terminal communicates over a WebSocket at /_simfra/cloudshell/connect. Query parameters:
| Parameter | Description |
|---|---|
accountId |
Account to connect as (defaults to the default account) |
region |
AWS region (defaults to the server's default region) |
token |
Admin token for authentication (when SIMFRA_ADMIN_TOKEN is set) |