But CloudShell is yet too narrow of a solution, I'm sure they will improve it over time, but a few problems with todays' release:
1) It only tracks bash commands. What if I write a quick Python one-off script and run it from a file? CloudTrail will never get the content of such script. This is script will get lost at the end of my session. What about Git for storing code?
2) Only works in the browser. The browser has it's good parts, but during incident resolution speed is critical. Getting a prompt without my local shell history, aliases, binaries, and many others, will make it slower to resolve incidents. One might say it's for a good reason, but we can do better.
3) Only works with AWS. This is a big problem as many companies are in the process of migrating to AWS, with services running within their own servers. Companies will use CloudShell to investigate edge cases, most of the time during incidents, engineers need fast access to all resources. Using a different solution for each type of resource won't help.
4) Hard to audit. If you ever tried using CloudTrail, you know what I'm talking about. And again, companies will need different solutions if they don't run only in AWS.
5) No review workflow support. If you only allow platform and SRE to access infrastructure, this is fine. But if you really want to bring ownership of problems to developers (DevOps), they need a way to get this level of access without risking production. This comes in the form of experts reviewing (instead of running) commands and scripts faster that the regular Github Pull Request workflow.
There are more, but I'm still happy with the product. AWS saying that you need one-off solutions no matter how much automation you have will help us move to a future where companies treat one-off scripts as first class citizens.