In this article, we look at what really goes on under the covers of Azure Cloud Shell. It is an interactive, in-browser shell environment that offers two shell experiences, Bash or PowerShell. It lets you manage Azure resources, and it has many other features as well. Azure Cloud Shell has a lot of complexity once you really dig into it. Let’s take a look.
Features
Experience with a shell in a browser
Cloud Shell gives you access to a browser-based command-line environment designed with Azure administrative duties in mind. Use Cloud Shell to work independently of a local computer in a way that only the cloud can offer.
Preference for a shell experience
Users can choose between Bash or PowerShell.
1. Select Cloud Shell.
2. Select Bash or PowerShell.
After first launch, you can use the shell type drop-down control to switch between Bash and PowerShell.
Configured and authenticated Azure workstation
Cloud Shell is managed by Microsoft, so it comes with support for well-known command-line tools and languages. Cloud Shell also securely authenticates itself automatically when you use the Azure CLI or Azure PowerShell cmdlets to access your resources.
Cloud Shell editor built-in
Based on the free and open source Monaco Editor, Cloud Shell provides an integrated graphical text editor. Run the code command to create and modify configuration files, then deploy them smoothly with the Azure CLI or Azure PowerShell.
How does Azure Cloud Shell work?
When you launch Cloud Shell, Microsoft is launching an Ubuntu Linux Container in Azure and connecting you to it. If you run the command “lsb_release -a” you’ll see the details about the particular Linux distro currently being used. You are not billed for the compute resources used by this container. This part comes free of charge with your Azure subscription.
However, Cloud Shell needs to store data in a File Share inside of an Azure Storage Account, and you are billed for these resources. Why does Cloud Shell need these resources? It’s so you can persist data, files, and settings between your different Cloud Shell sessions. Each time you start Cloud Shell a new container is spun up, and each time you close Cloud Shell that container is destroyed. So, the only way to maintain files between container sessions is to use shared storage, and that’s where the File Share and Storage Account come in.
Connect your Microsoft Azure Files storage
Although Cloud Shell machines are temporary, your files are persisted in two different ways: through a disk image, and through a mounted file share named clouddrive. When you first run Cloud Shell, you are prompted to create a resource group, storage account, and Azure Files share. After this one-time step, the resources are automatically attached for all future sessions. In Cloud Shell, a single file share can be mapped and used by both Bash and PowerShell.
Storage in Azure Cloud Shell
The first time that you interact with the Azure Cloud Shell, it’ll ask you to create an Azure storage account. It’s going to use the storage account to persist any keys or any scripts that you might need whenever you’re interacting with your resources.
When you choose the basic settings and select only a single subscription, Cloud Shell will create 3 resources on your behalf in the supported region that’s nearest to you:
- Resource group: cloud-shell-storage-<region>
- Storage account: cs<uniqueGuid>
- File share: cs-<user>-<domain>-com-<uniqueGuid>
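Because this storage persists keys and scripts across sessions, it helps to know which resources in an inventory belong to Cloud Shell. The script below is an added example (not from the original article) that matches the naming scheme listed above and flags resource groups whose region suffix is not in the page's region table. The hex form of <uniqueGuid>, the Azure short region names and the sample inventory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: spot Cloud Shell backing storage by the naming scheme above.
# Regions from the page's table as Azure short names (assumption).
CS_REGIONS="eastus southcentralus westus northeurope westeurope centralindia southeastasia"

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# classify KIND NAME: print a verdict and return 0 if NAME follows the scheme
classify() {
  kind=$1; name=$2
  case $kind in
    group)
      matches "$name" '^cloud-shell-storage-[a-z0-9]+$' || return 1
      region=${name#cloud-shell-storage-}
      case " $CS_REGIONS " in
        *" $region "*) echo "group region=$region" ;;
        *)             echo "group region=$region unlisted-region" ;;
      esac ;;
    account)  # assumption: <uniqueGuid> is lowercase hex
      matches "$name" '^cs[0-9a-f]{8,22}$' || return 1
      echo "account" ;;
    share)
      matches "$name" '^cs-.+-com-[0-9a-f]+$' || return 1
      owner=${name#cs-}; owner=${owner%-com-*}
      echo "share owner=$owner" ;;
    *) return 1 ;;
  esac
}

# scan: read "kind name" lines on stdin, print only the Cloud Shell matches
scan() {
  while read -r kind name; do
    if verdict=$(classify "$kind" "$name"); then
      printf '%s\t%s\n' "$name" "$verdict"
    fi
  done
}

sample_inventory() {  # constructed sample, not real resources
  cat <<'EOF'
group cloud-shell-storage-westus
group prod-web-rg
account cs7a10032000fe5a2e
account csvdata
share cs-alice-contoso-com-1003200012ab34cd
group cloud-shell-storage-mars1
EOF
}

sample_inventory | scan
```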
Supported Storage Regions:
Cloud Shell machines exist in the following regions:
Area | Regions |
---|---|
Americas | East US, South Central US, West US |
Europe | North Europe, West Europe |
Asia Pacific | India Central, Southeast Asia |
Storage in Azure Cloud Shell:
If we look at our resource groups, we have a resource group called cloud-shell-storage-westus.
In here we can see the storage account that got created for us. Now, if we invoke Cloud Shell and run an ls command, we’ll see that we have a clouddrive folder that’s already mounted for us.
Now, if we go into that clouddrive directory, we’ll see that we also have another folder called the cloud console. So, let’s go into that too. Inside of here, we have a file called acc_cecile.img.
This is the file that’s actually backing the Azure Cloud Shell to persist any of the information you might need.
Concepts
- Cloud Shell runs on a temporary host provided on a per-session, per-user basis
- Cloud Shell times out after 20 minutes without interactive activity
- Cloud Shell requires an Azure file share to be mounted
- Cloud Shell uses the same Azure file share for both Bash and PowerShell
- Cloud Shell is assigned one machine per user account
- Cloud Shell persists $HOME using a 5-GB image held in your file share
- Permissions are set as a regular Linux user in Bash
Compliance
Encryption at rest
All Cloud Shell infrastructure is compliant with double encryption at rest by default. No action is required by users.
Bash in Cloud Shell quick start
Start Cloud Shell
1. Launch Cloud Shell from the top navigation of the Azure portal.
2. Select a subscription to create a storage account and Microsoft Azure Files share.
3. Select “Create storage”.
Select the Bash environment
Check that the environment drop-down on the left-hand side of the shell window says Bash.
Set your subscription
1. List subscriptions you have access to.
2. Set your preferred subscription.
Create a resource group
Create a new resource group in WestUS named “MyRG”.
Create a Linux VM
Create an Ubuntu VM in your new resource group. The Azure CLI will create SSH keys and set up the VM with them.
Your username on this VM will be your username used in Cloud Shell ($User@Azure:).
SSH into your Linux VM
1. Search for your VM name in the Azure portal search bar.
2. Select Connect to get your VM name and public IP address.
3. SSH into your VM with the ssh command.
Upon establishing the SSH connection, you should see the Ubuntu welcome prompt.
Cleaning Up
1. Exit your ssh session.
2. Delete your resource group and any resources within it.
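The quick-start steps above, collected into one script as an added example (not code from the original article). The VM name myVM and the Ubuntu2204 image alias are assumptions, and <subscription-name-or-id> is a placeholder. The script only prints the commands unless it is called with up or down.

```shell
#!/bin/sh
# Added example: the Bash quick start as one script (not from the original page).
SUBSCRIPTION="${SUBSCRIPTION:-<subscription-name-or-id>}"  # placeholder
RG="MyRG"; LOCATION="westus"      # values given in the quick start
VM="myVM"; IMAGE="Ubuntu2204"     # assumptions: VM name and image alias

# run: print the command in dry-run mode (default), execute it otherwise
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

quickstart_up() {
  run az account list --output table                    # list subscriptions
  run az account set --subscription "$SUBSCRIPTION"     # set preferred one
  run az group create --location "$LOCATION" --name "$RG"
  # --generate-ssh-keys writes a key pair to ~/.ssh if none exists
  run az vm create --name "$VM" --resource-group "$RG" \
      --image "$IMAGE" --generate-ssh-keys
  # public IP to use with: ssh <user>@<public-ip>
  run az vm show --name "$VM" --resource-group "$RG" \
      --show-details --query publicIps --output tsv
}

quickstart_down() {
  # deletes the group and everything in it; az asks for confirmation
  run az group delete --name "$RG"
}

case "${1:-plan}" in
  up)   DRY_RUN=0; quickstart_up ;;
  down) DRY_RUN=0; quickstart_down ;;
  *)    DRY_RUN=1; quickstart_up; quickstart_down ;;
esac
```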
PowerShell in Cloud Shell quick start
The PowerShell experience in Azure Cloud Shell now runs PowerShell 7.2 in a Linux environment. The PowerShell experience in Cloud Shell therefore differs from Windows PowerShell.
The filesystem in Linux is case-sensitive. Windows considers file.txt and FILE.txt to be the same file. In Linux, they’re considered to be different files. Proper casing must be used while tab-completing in the filesystem. PowerShell-specific experiences, such as tab-completing cmdlet names, parameters, and values, aren’t case-sensitive.
Start Cloud Shell
1. Select the Cloud Shell button from the top navigation bar of the Azure portal.
2. Select the PowerShell environment from the drop-down and you’ll be in the Azure drive (Azure:).
Run PowerShell commands
Run regular PowerShell commands in the Cloud Shell, such as:
Output
# You will see output similar to the following:
ResourceGroupName  Name   Location  VmSize                 OsType   ProvisioningState  PowerState
-----------------  ----   --------  ------                 ------   -----------------  ----------
MyResourceGroup2   Demo   westus    Standard_DS1_v2        Windows  Succeeded          running
MyResourceGroup    MyVM1  eastus    Standard_DS1           Windows  Succeeded          running
MyResourceGroup    MyVM2  eastus    Standard_DS2_v2_Promo  Windows  Succeeded          deallocated
Interact with virtual machines
You can find all your virtual machines under the current subscription in the VirtualMachines directory.
Output
# You will see output similar to the following:
Directory: Azure:\MySubscriptionName\VirtualMachines
Name      ResourceGroupName  Location  VmSize           OsType   NIC         ProvisioningState  PowerState
----      -----------------  --------  ------           ------   ---         -----------------  ----------
TestVm1   MyResourceGroup1   westus    Standard_DS2_v2  Windows  my2008r213  Succeeded          stopped
TestVm2   MyResourceGroup1   westus    Standard_DS1_v2  Windows  jpstest     Succeeded          deallocated
TestVm10  MyResourceGroup2   eastus    Standard_DS1_v2  Windows  mytest      Succeeded          running
Invoke PowerShell script across remote VMs
Assuming you have a VM, MyVM1, let’s use Invoke-AzVMCommand to invoke a PowerShell script block on the remote machine.
Azure PowerShell
Enable-AzVMPSRemoting -Name MyVM1 -ResourceGroupname MyResourceGroup
Invoke-AzVMCommand -Name MyVM1 -ResourceGroupName MyResourceGroup -Scriptblock {Get-ComputerInfo} -Credential (Get-Credential)
You can also navigate to the VirtualMachines directory first and run Invoke-AzVMCommand as follows.
Azure PowerShell
PS Azure:\> cd MySubscriptionName\ResourceGroups\MyResourceGroup\Microsoft.Compute\virtualMachines
PS Azure:\MySubscriptionName\ResourceGroups\MyResourceGroup\Microsoft.Compute\virtualMachines> Get-Item MyVM1 | Invoke-AzVMCommand -Scriptblock {Get-ComputerInfo} -Credential (Get-Credential)
Output
# You will see output similar to the following:
PSComputerName : 65.52.28.207
RunspaceId : 2c2b60da-f9b9-4f42-a282-93316cb06fe1
WindowsBuildLabEx : 14393.1066.amd64fre.rs1_release_sec.170327-1835
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerDatacenter
WindowsInstallationType : Server
WindowsInstallDateFromRegistry : 5/18/2017 11:26:08 PM
WindowsProductId : 00376-40000-00000-AA947
WindowsProductName : Windows Server 2016 Datacenter
WindowsRegisteredOrganization :
…
Interactively sign-in to a remote VM
You can use Enter-AzVM to interactively log into a VM running in Azure.
Discover WebApps
By entering the WebApps directory, you can easily navigate your web app resources.
Azure PowerShell
# You can use Azure cmdlets to Start/Stop your web apps
PS Azure:\MySubscriptionName\WebApps> Start-AzWebApp -Name mywebapp1 -ResourceGroupName MyResourceGroup1
SSH
To authenticate to servers or VMs using SSH, generate the public-private key pair in Cloud Shell and publish the public key to authorized_keys on the remote machine, such as /home/user/.ssh/authorized_keys.
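One way to do the publishing step on the remote machine, shown as an added example (not from the original article): the function refuses private key material, accepts a single well-formed public key line, sets the permissions sshd expects, and skips keys that are already present. The function name, return codes and the key string in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: install one public key into authorized_keys safely.
# install_pubkey KEYFILE HOME_DIR
#   returns 0 = added, 3 = already present, 2 = rejected
install_pubkey() {
  keyfile=$1; home=$2; auth="$home/.ssh/authorized_keys"
  # Never copy private key material to a server.
  if grep -q 'PRIVATE KEY' "$keyfile"; then
    echo "rejected: $keyfile holds a private key" >&2; return 2
  fi
  # Expect exactly one line: "<type> <base64> [comment]".
  [ "$(grep -c '' "$keyfile")" -eq 1 ] || return 2
  grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
    "$keyfile" || return 2
  # sshd (StrictModes) ignores key files that other users can write to.
  ( umask 077; mkdir -p "$home/.ssh"; touch "$auth" )
  chmod 700 "$home/.ssh"; chmod 600 "$auth"
  # Match on type+blob so a changed comment does not create a duplicate.
  blob=$(cut -d' ' -f1,2 "$keyfile")
  if grep -qF -- "$blob" "$auth"; then return 3; fi
  printf '%s\n' "$(cat "$keyfile")" >> "$auth"
}

# demo: constructed key strings (not valid keys) in a throwaway directory
demo() {
  tmp=$(mktemp -d)
  printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEconstructedKEYnotREAL0000000000000000 me@cloudshell' > "$tmp/id.pub"
  printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$tmp/id"
  a=0; install_pubkey "$tmp/id.pub" "$tmp" || a=$?
  b=0; install_pubkey "$tmp/id.pub" "$tmp" || b=$?
  c=0; install_pubkey "$tmp/id" "$tmp" 2>/dev/null || c=$?
  perms=$(ls -l "$tmp/.ssh/authorized_keys" | cut -c1-10)
  rm -rf "$tmp"
  echo "$a $b $c $perms"
}

demo
```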
Using SSH
Follow instructions to create a new VM configuration using Azure PowerShell cmdlets. Before calling New-AzVM to kick off the deployment, add the SSH public key to the VM configuration. The newly created VM will contain the public key in ~/.ssh/authorized_keys, which enables SSH sessions to the VM without entering a password.
Azure PowerShell
# Create VM config object - $vmConfig using instructions on linked page above
# Generate SSH keys in Cloud Shell
ssh-keygen -t rsa -b 2048 -f $HOME/.ssh/id_rsa
# Ensure VM config is updated with SSH keys
$sshPublicKey = Get-Content "$HOME/.ssh/id_rsa.pub"
Add-AzVMSshPublicKey -VM $vmConfig -KeyData $sshPublicKey -Path "/home/azureuser/.ssh/authorized_keys"
# Create a virtual machine (replace the <...> placeholders with your own values)
New-AzVM -ResourceGroupName "<resource-group>" -Location "<location>" -VM $vmConfig
# SSH to the VM
ssh azureuser@MyVM.Domain.Com
List available commands
Under the Azure drive, type Get-AzCommand to get context-specific Azure commands.
Alternatively, you can always use Get-Command *az* -Module Az.* to find out the available Azure commands.
Install custom modules
You can run Install-Module to install modules from the PowerShell Gallery.
Microsoft Azure – Add Azure Cloud Shell to VS Code
We will look into how to add the Azure Cloud Shell to Visual Studio Code. This can make a developer’s life significantly simpler and reduce the time spent switching between windows.
Follow the below steps to add Azure Cloud Shell to VS Code:
Step 1: To add the Azure Cloud Shell to Visual Studio Code, first, we’ll need to make sure that we have an extension installed. Inside the extension section, we will type in “Azure account”.
Step 2: Now, we have to make sure that this Azure account extension is installed. Notice we already have it installed, but if you don’t, go ahead and hit that “Install” button.
Step 3: Now that the extension is installed, we should be able to open the command palette and type “Open in Cloud Shell”.
Notice that this gives us two options. We can open in Bash or we can even open in PowerShell.
Step 4: We are going to select the “Open in Bash” option. Notice it pops up the terminal window at the bottom, and now it’s going to say, “Not signed in. Sign in first”.
Step 5: Now we are going to click the “Sign-in” button. It’s going to ask us to copy the authentication code, and it’s going to open a browser for us to use to authenticate our device. We are going to hit “Continue”.
Step 6: Now we need to select our account. It says, “You have signed in to Visual Studio Code application on your device. You may now close this window.” So, we are going to close it.
Now, we need to give our terminal a second to finish authenticating and connect to the Cloud Shell, and that’s it. We are now connected to an Azure Cloud Shell instance inside of Visual Studio Code.