Oracle Cloud Infrastructure Documentation

Cloud Shell

Oracle Cloud Infrastructure Cloud (OCI) Shell is a web browser-based terminal accessible from the Oracle Cloud Console. Cloud Shell is free to use (within monthly tenancy limits), and provides access to a Linux shell, with a pre-authenticated Oracle Cloud Infrastructure CLI and other useful tools for following Oracle Cloud Infrastructure service tutorials and labs. Cloud Shell is a feature available to all OCI users, accessible from the Console. Your Cloud Shell will appear in the Oracle Cloud Console as a persistent frame of the Console, and will stay active as you navigate to different pages of the Console.

Cloud Shell provides:

  • An ephemeral machine to use as a host for a Linux shell, pre-configured with the latest version of the OCI Command Line Interface (CLI) and a number of useful tools

  • 5GB of storage for your home directory

  • A persistent frame of the Console which stays active as you navigate to different pages of the console

How Cloud Shell Works

The Cloud Shell machine is a small virtual machine running a Bash shell which you access through the OCI Console. Cloud Shell comes with a pre-authenticated OCI CLI, set to the Console tenancy home page region, as well as up-to-date tools and utilities.

Cloud Shell comes with 5GB of persistent storage for the home directory, so you can make local changes to your home directory, and then continue working on your project when you come back to Cloud Shell.

Cloud Shell is free to use (within your tenancy's monthly limits) and doesn’t require any setup or prerequisites other than an IAM policy granting access to Cloud Shell. Your Cloud Shell includes a VM provisioned for you that executes in its own tenancy (so it doesn't use any of your tenancy's resources) and hosts your shell in an Oracle Linux OS while you’re actively using Cloud Shell.

What's Included With Cloud Shell

In addition to the OCI CLI, the Cloud Shell VM comes with current versions of several useful tools and utilities pre-installed, including:

  • Git
  • Java
  • Python (2 and 3)
  • SQL Plus
  • kubectl
  • helm
  • maven
  • gradle
  • terraform

Required IAM Policy

To get started with Cloud Shell, you’ll need to grant user access to Cloud Shell via an IAM policy. Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).

To use Oracle Cloud Infrastructure, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in.

The resource name for Cloud Shell is `cloud-shell`. The following is an example policy to grant access to Cloud Shell:

allow group <GROUP-NAME> to use cloud-shell in tenancy

If you're new to policies, see Getting Started with Policies and Common Policies.

Cloud Shell Limitations

Keep the following limitations in mind when using Cloud Shell:

  • Cloud Shell comes with 5GB of storage for the VM's home directory. This storage is persistent from session to session, but after 6-months of non-use, the administrator for your tenancy will receive a notification that the storage will be removed in 60 days. Starting a cloud shell session resets the storage removal timer.
  • The OCI CLI will execute commands against the region selected in the Console's Region selection menu when the Cloud Shell was started. Changing the region selection in the console will not change the region for existing Cloud Shell instances; you will need to open a new Cloud Shell instance to change regions.

  • Cloud Shell sessions have a maximum length of 24 hours, and time out after 20 minutes of inactivity.
  • Cloud Shell is designed for interactive use with Oracle Cloud Infrastructure resources. Users who need additional storage for Cloud Shell or want to run non-interactive long-running tasks are encouraged to use Compute and Storage resources in their tenancy.
  • For more information on Cloud Shell limits, see the Cloud Shell section in Service Limits.

Cloud Shell Access and Other Restrictions

You can access OCI resources from Cloud Shell according to the policies granted by your tenancy administrator. There is no additional access because you're using Cloud Shell, and Cloud Shell does not provide any additional access to your tenancy, or private resources in your tenancy VCNs.

While Cloud Shell provides access to the internet, there is no ingress from the outside world into Cloud Shell (for example: you cannot ssh in to Cloud Shell). If your tenancy admin does not want to enable access to the internet from OCI, they should not grant access to Cloud Shell with an IAM policy.