Summary
Cloud Shell is a browser-based application that connects to a Linux shell with the OCI CLI pre-authorised, among other functions. This shell can connect to resources in private subnets in the home region. Access to subnets in other regions needs to be done through peering. Authorisation is done at the tenancy level only.
Reference
Cloud Shell
What Is Cloud Shell?
- Browser-based Linux terminal
- Pre-authenticated OCI CLI
- Tools such as Ansible and Python preinstalled
- Integrates with IAM
- Free to use
Cloud Shell User Access
allow group <group-name> to use cloud-shell in tenancy
- Cloud Shell IAM policy defines who is allowed to use Cloud Shell
- Policy definition is not supported at compartment level
- Policy does not provide additional access
- Operations are allowed according to assigned IAM policies only
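The two points above (the cloud-shell grant only works at tenancy level, and it adds no other permissions) can be checked with a small policy audit. This is an added example, not code from the page or from OCI; it uses a simplified statement grammar and a constructed sample policy with placeholder group names.

```python
import re

# Simplified grammar for the statement shape used on this page (assumption: real OCI
# policies may also carry "where" conditions and other subjects such as any-user;
# those are reported as unparsed rather than guessed at).
STATEMENT_RE = re.compile(
    r"^\s*allow\s+group\s+(?P<group>\S+)\s+to\s+(?P<verb>\S+)\s+(?P<resource>\S+)"
    r"\s+in\s+(?P<scope>tenancy|compartment\s+\S+)\s*$",
    re.IGNORECASE,
)

def audit_cloud_shell_policies(statements):
    """Audit IAM policy statements for Cloud Shell access.

    Returns a dict with:
      groups    - groups granted 'use cloud-shell in tenancy'
      misplaced - cloud-shell statements scoped to a compartment (not supported)
      grants    - per Cloud Shell group, the other statements that define what a
                  session can actually do (the cloud-shell grant itself adds nothing)
      unparsed  - statements this simplified parser could not read
    """
    result = {"groups": [], "misplaced": [], "grants": {}, "unparsed": []}
    parsed = []
    for stmt in statements:
        m = STATEMENT_RE.match(stmt)
        if m is None:
            result["unparsed"].append(stmt)
            continue
        parsed.append((stmt, m["group"], m["verb"].lower(), m["resource"].lower(), m["scope"].lower()))
    for stmt, group, verb, resource, scope in parsed:
        if resource != "cloud-shell":
            continue
        if scope != "tenancy":
            result["misplaced"].append(stmt)  # no effect: compartment-level definition is not supported
        elif verb == "use" and group not in result["groups"]:
            result["groups"].append(group)
    for group in result["groups"]:
        result["grants"][group] = [s for s, g, _, r, _ in parsed if g == group and r != "cloud-shell"]
    return result

# Constructed sample policy; group and compartment names are placeholders, not from any tenancy.
SAMPLE_POLICY = [
    "allow group CloudOps to use cloud-shell in tenancy",
    "allow group CloudOps to read instances in compartment Dev",
    "allow group Auditors to use cloud-shell in compartment Dev",
    "allow group Auditors to inspect all-resources in tenancy",
    "allow any-user to use cloud-shell in tenancy where request.user.name = 'bob'",
]

if __name__ == "__main__":
    import json
    print(json.dumps(audit_cloud_shell_policies(SAMPLE_POLICY), indent=2))
```

In the sample, only CloudOps gets a working Cloud Shell grant, and what that session can do is entirely the separate read-instances statement.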
Cloud Shell Public Network
- Access instances in public subnet
- Target host SSH key required
Cloud Shell Private Network
- Access private instances in home region
- Private network definition or ephemeral private network
- Cloud Shell private endpoint
- Target host SSH key required
Note: Only VCNs, subnets, and NSGs in your home region are available. If you need to access a subnet that is not in your home region, you can use peering from the subnet used by private network to reach it.
Private Network Definition vs Ephemeral Private Network
- Private Network Definition
  - Frequent connections saved as templates
  - Switch between network definitions
  - Mark the required definition as active and use it
- Ephemeral Private Network
  - Temporary connection
  - After the session is closed or expires, create a new session
  - Connection only active until the Cloud Shell session expires
Cloud Shell Private Network Beyond Home Region
- Easily access Home Region VCN's private resources
- Remotely peer other region VCNs to Home region VCN
- Access private resources of other region VCNs using Cloud Shell