AWS Cloud9 concepts illustrated

AWS Cloud9 is an IDE that lets you write, run, and debug your code with just a web browser.
The purpose of this story is to show visually how it works and to explain what are, in my opinion, the most important Cloud9 concepts to grasp (regarding permissions, networking, …).

First, the big picture 🌔

(You can also install Cloud9 on a remote server using SSH but we won’t discuss this solution here)

AWS Cloud9 starts the EC2 instance when you need to use it and stops it whenever it is idle (though Cloud9 is free, you still have to pay for the EC2 instances).

I can see the EC2 instance of my environment (one Cloud9 environment = one EC2 instance)

The environments 🔍

In this story I will focus on the environments in blue because they are running on AWS (they are called EC2 environments).

The IAM entity (an IAM user or role for instance) creating the Cloud9 environment is the “owner” of the environment and its IAM permissions can be made available on the EC2 instance of the environment (thanks to a Cloud9 feature named AWS managed temporary credentials).

Here I have created 2 Cloud9 environments: 1 “direct access” (SSH) and 1 “no-ingress” (Systems Manager)

“Direct Access” (SSH) vs “No-ingress” (Systems Manager) 📸

AWS Managed temporary credentials: a few notes 📚

  • By default both “direct access” and “no-ingress” environments use the AWS Managed temporary credentials.
  • You can disable the AWS Managed temporary credentials within the IDE (it will remove the ~/.aws/credentials file used to sign the requests made by CLI or SDK).
  • Only the environment owner can enable or disable AWS Managed temporary credentials.
  • The “no-ingress” environment needs to keep its IAM role attached (so Cloud9 can start the EC2 instance).

Sharing environments 🤝

  • R (Read only) = the invited IAM user can only read files inside the “ec2-user/environment” directory.
  • R&W = the invited IAM user gets terminal access (as ec2-user) and can therefore see and use the AWS managed temporary credentials (so be careful). The invited IAM user can also write / remove files.

No matter what the permissions of the IAM users are (R or R&W), they can use the chat to collaborate, and that is what makes Cloud9 a powerful collaboration tool.
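
To check for the R&W risk described above, the added example below (not part of the original post) flags environments that have a read-write member while AWS managed temporary credentials are not explicitly disabled. The environment IDs, names and ARNs are constructed sample values shaped like the output of `aws cloud9 describe-environments` and `aws cloud9 describe-environment-memberships`; the function name is hypothetical.

```python
# Constructed sample data in the shape returned by the AWS CLI commands
#   aws cloud9 describe-environments --environment-ids <id>
#   aws cloud9 describe-environment-memberships --environment-id <id>
SAMPLE_ENVIRONMENTS = [
    {"id": "env-aaaa", "name": "direct-access", "connectionType": "CONNECT_SSH",
     "managedCredentialsStatus": "ENABLED_ON_CREATE"},
    {"id": "env-bbbb", "name": "no-ingress", "connectionType": "CONNECT_SSM",
     "managedCredentialsStatus": "DISABLED_BY_OWNER"},
    {"id": "env-cccc", "name": "review-only", "connectionType": "CONNECT_SSM",
     "managedCredentialsStatus": "ENABLED_ON_CREATE"},
]
SAMPLE_MEMBERSHIPS = [
    {"environmentId": "env-aaaa", "permissions": "owner",
     "userArn": "arn:aws:iam::111122223333:user/owner"},
    {"environmentId": "env-aaaa", "permissions": "read-write",
     "userArn": "arn:aws:iam::111122223333:user/guest-rw"},
    {"environmentId": "env-bbbb", "permissions": "read-write",
     "userArn": "arn:aws:iam::111122223333:user/guest-rw"},
    {"environmentId": "env-cccc", "permissions": "read-only",
     "userArn": "arn:aws:iam::111122223333:user/guest-ro"},
]


def find_exposed_environments(environments, memberships):
    """Environments where a read-write member can reach managed credentials."""
    writers = {}
    for m in memberships:
        if m["permissions"] == "read-write":
            writers.setdefault(m["environmentId"], []).append(m["userArn"])
    findings = []
    for env in environments:
        # Conservative: anything not explicitly DISABLED_* counts as enabled,
        # including a missing status or a pending/failed removal.
        status = env.get("managedCredentialsStatus", "UNKNOWN")
        if env["id"] in writers and not status.startswith("DISABLED"):
            findings.append({"id": env["id"], "name": env["name"],
                             "status": status, "read_write": writers[env["id"]]})
    return findings


if __name__ == "__main__":
    for finding in find_exposed_environments(SAMPLE_ENVIRONMENTS, SAMPLE_MEMBERSHIPS):
        print(finding)
```

For each finding, the owner can either disable the managed temporary credentials in the IDE or downgrade the member to read-only.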

The end





This is my personal blog where I post (in my spare time) computer science “cheatsheets”. I mainly do it for myself but it may benefit others.