All about Azure Cloud Shell
Azure Cloud Shell is an interactive, in-browser shell environment. It has two different shell experiences, either Bash or PowerShell. It lets you manage Azure resources, and it has many other features as well. Azure Cloud Shell has a lot of complexity once you really dig into it. Let’s take a look.
Some common ways to access the Azure Cloud Shell
One, from the Azure Portal, click on the Cloud Shell icon in the upper-right:
Two, open the Cloud Shell directly, in its own dedicated browser tab by going to https://shell.azure.com. If you already have the Azure Portal Cloud Shell open, then you can break it out into its own dedicated tab by clicking the "Open new session" button:
Three, if you have Windows Terminal installed, then it comes with support for opening Cloud Shell. Just click on the new tab button and select Azure Cloud Shell:
Four, if you've installed Visual Studio Code, you can also install an official extension called "Azure Account." This extension will add 2 new commands that you can run from within VS Code: Open Bash in Cloud Shell & Open PowerShell in Cloud Shell:
Five, from the Azure Mobile App, you can simply click on Cloud Shell:
How does Azure Cloud Shell work?
Under the hood, when you launch Cloud Shell, Microsoft is launching an Ubuntu Linux Container in Azure and connecting you to it. If you run the command "lsb_release -a" you'll see the details about the particular Linux distro currently being used. You are not billed for the compute resources used by this container. This part comes free of charge with your Azure subscription.
However, Cloud Shell needs to store data in a File Share inside of an Azure Storage Account, and you are billed for these resources. But, you may ask why do I need these resources for Cloud Shell? It's so you can persist data, files, and settings between your different Cloud Shell sessions. Each time you start Cloud Shell a new container is spun up, and each time you close Cloud Shell that container is destroyed. So, the only way to maintain files between each container session is to use shared storage, and that's where the File Share & Storage Account come in.
Tools included with Azure Cloud Shell
The container image being used by Cloud Shell includes a ton of tools that are pre-installed and ready to use immediately. This is not an exhaustive list:
Linux tools such as bash, zsh, sh, tmux, dig
Azure tools such as Azure CLI, Azure Functions CLI, Service Fabric CLI, AzCopy
PowerShell modules such as Az, AzureAd, SQLServer, MicrosoftTeams, PowerBIMgmt, Exchange Online
Text editors such as code, vim, nano, emacs
Build tools such as make, maven, npm, pip
Container/K8S tools such as docker, kubectl, helm, and more
Database tools such as MySQL client, PostgreSql client, sqlcmd, mssql-scripter
Plus more useful tools like terraform, ansible, chef, puppet, packer, and more
The "Code" editor
One of the tools listed above is code. It is a lightweight version of VS Code that you can run directly from Cloud Shell. It is missing some features versus the full-blown VS Code. For example, it does not support extensions. But, it is still a great resource that comes in handy when working in Cloud Shell.
To launch it from Cloud Shell simply type "code". To open the menu click on the ellipses icon in the upper-right:
You can also pass a folder as a command-line option to code. Code will now open with a file browser on the left-hand side. That file browser pane will be open at the root folder that you specified, and it will show you all the subfolders and files, as well. For example, to launch code and open the file browser to the current directory, just launch code with a period, like so: code .
Another way to launch code with a file browser pane is to click on the "Open editor" icon in the Azure Portal Cloud Shell menu. Doing it this way will always open the file browser to the root of your home directory.
Uploading and Downloading files to Cloud Shell
You can upload files from your computer into Cloud Shell. You can also download files from Cloud Shell to your computer. In Azure Portal Cloud Shell, click on the icon for "Upload/Download Files"
Azure Drive is a special feature that is only available from the PowerShell experience of Cloud Shell. It allows you to browse through your Azure Resources from the command-line, just as if they were folders on your hard drive.
To enter Azure Drive: cd azure:
To list the Azure resources at the currently selected level: dir
To change levels: cd resourceName
For example, you might do a "dir" at the top level to list all of your Subscriptions. Then you might "cd" into one of those Subscriptions and do a "dir" again to list everything under that Subscription. Then you might "cd" into a Resource Group and do a "dir" again to list all resources in that group. I think you get the idea.
To exit Azure Drive and go back to your Linux home directory: cd ~
Deep dive into the File Share & Storage Account required by Cloud Shell
Upon launching Cloud Shell for the first time, you will be prompted to create 3 things (or use existing ones): a Resource Group, a Storage Account, and a File Share on that Storage Account.
Be careful, as you first have to click on "Show advanced settings" otherwise these 3 items will be created for you automatically and they will use default names.
This is just a one-time setup. Each Cloud Shell session after this one will automatically attach to the File Share that you create.
Only one File Share is needed, it will be used for both the Bash experience and the PowerShell experience.
Azure Storage Firewall is NOT supported on the Storage Account being used by Cloud Shell.
The Azure File Share is used in two different ways:
Your entire Linux home directory is stored on the File Share in the form of a disk image. The disk image lives on the File Share, inside of a subdirectory called .cloudconsole. In other words, StorageAccount\FileShare\.cloudconsole\acc_username.img is a disk image used to store your Linux home directory ~
The root of the File Share is mapped inside of your Linux home directory (to the "clouddrive" subfolder). To put it another way, the ~/clouddrive folder inside Cloud Shell maps to the root of your Azure File Share. This way, by using Cloud Shell you could store a file in the ~/clouddrive folder, and then be able to access it directly from the File Share using whatever method you like best (Azure Portal, Storage Explorer, etc.). Likewise, you could drop a file into the File Share, then access it from inside Cloud Shell via the ~/clouddrive folder.
Thanks for reading. I know this is a long post with a lot of information, but I hope you got some use out of it. I'm toying with the idea of writing a part 2, with topics such as security best practices, how to use Azure Policy to lock down Cloud Shell, and integrating Cloud Shell into your Azure Virtual Network. Let me know if you'd be interested in reading something like that!