AWS Cloud9 is no longer available to new customers. Existing customers of AWS Cloud9 can continue to use the service as normal. [Learn more](https://aws.amazon.com/blogs/devops/how-to-migrate-from-aws-cloud9-to-aws-ide-toolkits-or-aws-cloudshell/)

# Working with shared environment in AWS Cloud9
<a name="share-environment"></a>

A *shared environment* is an AWS Cloud9 development environment that multiple users were invited to participate in. This topic provides instructions for sharing an environment in AWS Cloud9 and how to participate in a shared environment.

To invite a user to participate in an environment that you own, follow one of these sets of procedures. Choose based on the type of user that you want to invite. 
+ If you are a user in the same AWS account as the environment you should [Invite a User in the Same Account as the Environment](#share-environment-invite-user).
+ If you are an AWS Cloud9 administrator in the same AWS account as the environment, specifically the AWS account root user, an administrator user or a user with the AWS managed policy `AWSCloud9Administrator` attached, then you should invite the AWS Cloud9 administrator yourself, see [Invite a User in the Same Account as the Environment](#share-environment-invite-user), or have the AWS Cloud9 administrator invite themself (or others in the same AWS account), see [Have an AWS Cloud9 Administrator in the Same Account as the Environment Invite Themself or Others](#share-environment-admin-user).

## Shared Environment use cases
<a name="share-environment-about"></a>

A shared environment is good for the following use cases:
+ **Pair programming **(**also known as *peer programming***)**: **This is where two users work together on the same code in a single environment. In pair programming, typically one user writes code while the other user observes the code being written. The observer gives immediate input and feedback to the code writer. These positions frequently switch during a project. Without a shared environment, teams of pair programmers typically sit in front of a single machine. Only one user at a time can write code. With a shared environment, both users can sit in front of their own machine. Moreover, they can write code at the same time, even if they are in different physical offices.
+ **Computer science classes: **This is useful when teachers or teaching assistants want to access a student's environment. Doing so can be for review a student's homework or fix issues with their environment in real time. Students can also work together with their classmates on shared homework projects, writing code together in a single environment in real time. They can do this even though they might be in different locations using different computer operating systems and web browser types.
+ Any other situation where multiple users need to collaborate on the same code in real time.

## About environment member access roles
<a name="share-environment-member-roles"></a>

Before you share an environment or participate in a shared environment in AWS Cloud9, you should understand the access permission levels for a shared environment. We call these permission levels *environment member access roles*.

A shared environment in AWS Cloud9 offers three environment member access roles: *owner*, *read/write*, and *read-only*.
+ An owner has full control over an environment. Each environment has one and only one owner, who is the environment creator. An owner can do the following actions.
  + Add, change, and remove members for the environment
  + Open, view, and edit files
  + Run code
  + Change environment settings
  + Chat with other members
  + Delete existing chat messages

  In the AWS Cloud9 IDE, an environment owner is displayed with **Read\$1Write** access.
+ A read/write member can do the following actions.
  + Open, view, and edit files
  + Run code
  + Change various environment settings from within the AWS Cloud9 IDE
  + Chat with other members
  + Delete existing chat messages

  In the AWS Cloud9 IDE, read/write members are displayed with **Read\$1Write** access.
+ A read-only member can do the following actions.
  + Open and view files
  + Chat with other members
  + Delete existing chat messages

  In the AWS Cloud9 IDE, read-only members are displayed with **Read Only** access.

Before a user can become an environment owner or member, that user must meet one of the following criteria.
+ The user is an **AWS account root user**.
+ The user is an **administrator user**. For more information, see [Creating Your First IAM Admin User and Group](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-set-up.html#create-an-admin) in the *IAM User Guide*.
+ The user is a **user who belongs to an IAM group**, a **user who assumes a role**, or a **federated user who assumes a role**, *and* that group or role has the AWS managed policy `AWSCloud9Administrator` or `AWSCloud9User` (or `AWSCloud9EnvironmentMember`, to be a member only) attached. For more information, see [AWS Managed (Predefined) Policies](security-iam.md#auth-and-access-control-managed-policies).
  + To attach one of the preceding managed policies to an IAM group, you can use the [AWS Management Console](#share-environment-member-roles-console) or the [AWS Command Line Interface (AWS CLI)](#share-environment-member-roles-cli) as described in the following procedures.
  + You can create a role in IAM with one of the preceding managed policies for a user or a federated user to assume. For more information, see [Creating Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html) in the *IAM User Guide*. To have a user or a federated user assume the role, see coverage of assuming roles in [Using IAM Roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the *IAM User Guide*.

### Attach an AWS managed policy for AWS Cloud9 to a group using the console
<a name="share-environment-member-roles-console"></a>

The following procedure outlines how to attach an AWS managed policy for AWS Cloud9 to a group using the console.

1. Sign in to the AWS Management Console, if you are not already signed in.

   For this step, we recommend you sign in using IAM administrator-level credentials in your AWS account. If you can't do this, check with your AWS account administrator.

1. Open the IAM console. To do this, in the console navigation bar, choose **Services**. Then choose **IAM**.

1. Choose **Groups**.

1. Choose the name of the group.

1. On the **Permissions** tab, for **Managed Policies**, choose **Attach Policy**.

1. In the list of policy names, choose one of the following boxes.
   +  **AWSCloud9User** (preferred) or **AWSCloud9Administrator** to enable each user in the group to be an environment owner
   +  **AWSCloud9EnvironmentMember** to enable each user in the group to be a member only

   (If you don't see one of these policy names in the list, type the policy name in the **Search** box to display it.)

1. Choose **Attach policy**.

### Attach an AWS managed policy for AWS Cloud9 to a group using the AWS CLI
<a name="share-environment-member-roles-cli"></a>

**Note**  
If you're using [AWS managed temporary credentials](security-iam.md#auth-and-access-control-temporary-managed-credentials), you can't use a terminal session in the AWS Cloud9 IDE to run some or all of the commands in this section. To address AWS security best practices, AWS managed temporary credentials don’t allow some commands to be run. Instead, you can run those commands from a separate installation of the AWS Command Line Interface (AWS CLI).

Run the IAM `attach-group-policy` command to attach the AWS managed policy for AWS Cloud9 to the group. Specify the group name and the Amazon Resource Name (ARN) of the policy:

```
aws iam attach-group-policy --group-name MyGroup --policy-arn arn:aws:iam::aws:policy/POLICY_NAME
```

In the preceding command, replace `MyGroup` with the name of the group. Replace `POLICY_NAME` with the name of one of the following AWS managed policies.
+  `AWSCloud9User` (preferred) or `AWSCloud9Administrator` to enable each user in the group to be an environment owner
+  `AWSCloud9EnvironmentMember` to enable each user in the group to be a member only

## Invite a user in the same account as the Environment
<a name="share-environment-invite-user"></a>

Use the instructions in this section to share an AWS Cloud9 development environment that you own in your AWS account with a user in that same account.

1. Suppose that the user that you want to invite *isn't* one of the following types of users. Make sure the user that you want to invite already has the corresponding environment member access role. For instructions, see [About Environment Member Access Roles](#share-environment-member-roles).
   + The **AWS account root user**.
   + An **Administrator user**.
   + A **user who belongs to an IAM group**, a **user who assumes a role**, or a **federated user who assumes a role**, *and* that group or role has the AWS managed policy `AWSCloud9Administrator` attached.

1. Open the environment that you own and want to invite the user to, if the environment isn't already open.

1. In the menu bar in the AWS Cloud9 IDE, do one of the following.
   + Choose **Window, Share**.
   + Choose **Share** (located next to the **Preferences** gear icon).  
![\[The Share command in the AWS Cloud9 IDE menu bar\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-share.png)

1. In the **Share this environment** dialog box, for **Invite Members**, type one of the following.
   + To invite an **IAM user**, enter the name of the user.
   + To invite the **AWS account root user**, enter `arn:aws:iam::123456789012:root`. Replace `123456789012` with your AWS account ID.
   + To invite a **user with an assumed role** or a **federated user with an assumed role**, enter `arn:aws:sts::123456789012:assumed-role/MyAssumedRole/MyAssumedRoleSession`. Replace `123456789012` with your AWS account ID, `MyAssumedRole` with the name of the assumed role. Replace `MyAssumedRoleSession` with the session name for the assumed role.

1. To make this user a read-only member, choose **R**. To make this user read/write, choose **RW**.

1. Choose **Invite**.
**Note**  
If you make this user a read/write member, a dialog box is displayed, containing information about possibly putting your AWS security credentials at risk. The following information provides more background about this issue.  
You should share an environment only with those you trust.  
A read/write member may be able to use the AWS CLI, the AWS CloudShell, or AWS SDK code in your environment to take actions in AWS on your behalf. Furthermore, if you store your permanent AWS access credentials within the environment, that member could potentially copy those credentials and use them outside of the environment.  
Removing your permanent AWS access credentials from your environment and using temporary AWS access credentials instead does not fully address this issue. It lessens the opportunity of the member to copy those temporary credentials and use them outside of the environment (as those temporary credentials will work only for a limited time). However, temporary credentials still enable a read/write member to take actions in AWS from the environment on your behalf.

1. Contact the user to let them know they can open this environment and begin using it.

## Have an AWS Cloud9 administrator in the same account as the Environment invite themself or others
<a name="share-environment-admin-user"></a>

**Note**  
If you're using [AWS managed temporary credentials](security-iam.md#auth-and-access-control-temporary-managed-credentials), you can't use a terminal session in the AWS Cloud9 IDE to run some or all of the commands in this section. To address AWS security best practices, AWS managed temporary credentials don’t allow some commands to be run. Instead, you can run those commands from a separate installation of the AWS Command Line Interface (AWS CLI).

The following types of users can invite themselves (or other users in the same AWS account) to any environment in the same account.
+ The **AWS account root user**.
+ An **administrator user**.
+ A **user who belongs to an IAM group**, a **user who assumes a role**, or a **federated user who assumes a role**, *and* that group or role has the AWS managed policy `AWSCloud9Administrator` attached.

Suppose that the invited user *isn't* one of the preceding types of users. Make sure that user already has the corresponding environment member access role. For instructions, see [About Environment Member Access Roles](#share-environment-member-roles).

To invite the user, use the AWS CLI or the AWS CloudShell to run the AWS Cloud9 `create-environment-membership` command.

```
aws cloud9 create-environment-membership --environment-id 12a34567b8cd9012345ef67abcd890e1 --user-arn USER_ARN --permissions PERMISSION_LEVEL
```

In the preceding command, replace `12a34567b8cd9012345ef67abcd890e1` with the ID of the environment. Replace `PERMISSION_LEVEL` with `read-write` or `read-only`. And, replace `USER_ARN` with one of the following:
+ To invite an **IAM user**, enter `arn:aws:iam::123456789012:user/MyUser`. Replace `123456789012` with your AWS account ID and replace `MyUser` with the name of the user.
+ To invite the **AWS account root user**, enter `arn:aws:iam::123456789012:root`. Replace `123456789012` with your AWS account ID.
+ To invite a **user with an assumed role** or a **federated user with an assumed role**, enter `arn:aws:sts::123456789012:assumed-role/MyAssumedRole/MyAssumedRoleSession`. Replace `123456789012` with your AWS account ID. Replace `MyAssumedRole` with the name of the assumed role. And, replace `MyAssumedRoleSession` with the session name for the assumed role.

For example, to invite the AWS account root user for account ID `123456789012` to an environment with ID `12a34567b8cd9012345ef67abcd890e1` as a read/write member, run the following command.

```
aws cloud9 create-environment-membership --environment-id 12a34567b8cd9012345ef67abcd890e1 --user-arn arn:aws:iam::123456789012:root --permissions read-write
```

**Note**  
If you're using the AWS CloudShell, omit the `aws` prefix from the preceding commands.

# Open a shared Environment
<a name="share-environment-open"></a>

To open a shared environment, you can use your AWS Cloud9 dashboard. Use the AWS Cloud9 IDE to perform actions and complete work in a shared environment. Examples are working with files and chatting with other team members.

1. Make sure the corresponding access policy is attached to the group or role for your user. For more information, see [About Environment Member Access Roles](share-environment.md#share-environment-member-roles).

1. Sign in to the AWS Cloud9 console as follows:
   + If you're the only individual using your AWS account or you're an IAM user in a single AWS account, go to [https://console.aws.amazon.com/cloud9/](https://console.aws.amazon.com/cloud9/).
   + If your organization uses IAM Identity Center, see your AWS account administrator for sign-in instructions.
   + If you're a student in a classroom, see your instructor for sign-in instructions.

1. Open the shared environment from your AWS Cloud9 dashboard. For more information, see [Opening an Environment in AWS Cloud9](open-environment.md).

You use the **Collaborate** window to interact with other members, as described in the rest of this topic.

**Note**  
If the **Collaborate** window isn't visible, choose **Collaborate**. If the **Collaborate** button isn't visible, on the menu bar, choose **Window, Collaborate**.

![\[The Collaborate window in the AWS Cloud9 IDE\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-collaborate.png)


# See a list of environment members
<a name="share-environment-members-list"></a>

With the shared environment open, in the **Collaborate** window, expand **Environment Members**, if the list of members isn't visible.

A circle next to each member indicates their online status, as follows:
+ Active members have a green circle.
+ Offline members have a gray circle.
+ Idle members have an orange circle.

![\[Member online status in the AWS Cloud9 IDE\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-collaborate-status.png)


To use code to get a list of environment members, call the AWS Cloud9 describe environment memberships operation, as follows.


****  

|  |  | 
| --- |--- |
|  AWS CLI  |   [describe-environment-memberships](https://docs.aws.amazon.com/cli/latest/reference/cloud9/describe-environment-memberships.html)   | 
|  AWS SDK for C\$1\$1  |   [DescribeEnvironmentMembershipsRequest](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_describe_environment_memberships_request.html), [DescribeEnvironmentMembershipsResult](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_describe_environment_memberships_result.html)   | 
|  AWS SDK for Go  |   [DescribeEnvironmentMemberships](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DescribeEnvironmentMemberships), [DescribeEnvironmentMembershipsRequest](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DescribeEnvironmentMembershipsRequest), [DescribeEnvironmentMembershipsWithContext](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DescribeEnvironmentMembershipsWithContext)   | 
|  AWS SDK for Java  |   [DescribeEnvironmentMembershipsRequest](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DescribeEnvironmentMembershipsRequest.html), [DescribeEnvironmentMembershipsResult](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DescribeEnvironmentMembershipsResult.html)   | 
|  AWS SDK for JavaScript  |   [describeEnvironmentMemberships](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Cloud9.html#describeEnvironmentMemberships-property)   | 
|  AWS SDK for .NET  |   [DescribeEnvironmentMembershipsRequest](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDescribeEnvironmentMembershipsRequest.html), [DescribeEnvironmentMembershipsResponse](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDescribeEnvironmentMembershipsResponse.html)   | 
|  AWS SDK for PHP  |   [describeEnvironmentMemberships](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cloud9-2017-09-23.html#describeenvironmentmemberships)   | 
|  AWS SDK for Python (Boto)  |   [describe\$1environment\$1memberships](https://boto3.readthedocs.io/en/latest/reference/services/cloud9.html#Cloud9.Client.describe_environment_memberships)   | 
|  AWS SDK for Ruby  |   [describe\$1environment\$1memberships](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Cloud9/Client.html#describe_environment_memberships-instance_method)   | 
|  AWS Tools for Windows PowerShell  |   [Get-C9EnvironmentMembershipList](https://docs.aws.amazon.com/powershell/latest/reference/items/Get-C9EnvironmentMembershipList.html)   | 
|  AWS Cloud9 API  |   [DescribeEnvironmentMemberships](https://docs.aws.amazon.com/cloud9/latest/APIReference/API_DescribeEnvironmentMemberships.html)   | 

# Open the active file of an environment member
<a name="share-environment-active-file"></a>

This step shows how you can open the active file of an environment member.

With the shared environment open, in the menu bar, choose the member name. Then, choose **Open Active File**.

![\[The Open Active File command in the AWS Cloud9 IDE\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-collaborate-active-file.png)


# Open the open file of an environment member
<a name="share-environment-open-file"></a>

This step shows how you can open the open file of an environment member.

1. With the shared environment open, in the **Collaborate** window, expand **Environment Members**, if the list of members isn't visible.

1. Expand the name of the user whose open file that you want to open in your environment.

1. Open (double-click) the name of the file that you want to open.

![\[Opening a team member's file in the AWS Cloud9 IDE\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-collaborate-open-file.png)


# Go to the active cursor of an environment member
<a name="share-environment-active-cursor"></a>

This step shows how you can navigate the active cursor of an environment member.

1. With the shared environment open, in the **Collaborate** window, expand **Environment Members**, if the list of members isn't visible.

1. Open the context (right-click) menu for the member name, and then choose **Show Location**.

# Manage chat in a shared Environment
<a name="chat-delete-share-environment"></a>

This topic shows how you can chat with other environment members, view chat messages in a shared Environment, and delete them from a shared Environment.

## Chat with other environment members
<a name="share-environment-chat"></a>

With the shared environment open, at the bottom of the **Collaborate** window, for **Enter your message here**, enter your chat message, and then press `Enter`.

![\[The chat area in the AWS Cloud9 IDE\]](http://docs.aws.amazon.com/cloud9/latest/user-guide/images/ide-collaborate-chat.png)


## View chat messages in a shared Environment
<a name="share-environment-chat-view"></a>

With the shared environment open, in the **Collaborate** window, expand **Group Chat**, if the list of chat messages isn't visible.

## Delete chat messages from a shared Environment
<a name="share-environment-chat-delete"></a>

With the shared environment open, in the **Collaborate** window, open the context (right-click) menu for the chat message in **Group Chat**. Then, choose **Delete Message**.

**Note**  
When you delete a chat message, it is deleted from the environment for all members.

## Delete all chat messages from a shared Environment
<a name="share-environment-chat-delete-all"></a>

With the shared environment open, in the **Collaborate** window, open a context (right-click) menu anywhere in **Group Chat**. Then, choose **Clear history**.

**Note**  
When you delete all chat messages, they're deleted from the environment for all members.

# Change the access role of an environment member
<a name="share-environment-change-access"></a>

This step shows how you can change the access role of an environment member. You can also use code to change the access role and update the AWS Cloud9 environment membership. 

1. Open the environment that you own and that contains the member whose access role you want to change, if the environment isn't already open. For more information, see [Opening an Environment in AWS Cloud9](open-environment.md).

1. If the list of members isn't visible, expand **Environment Members** in the **Collaborate** window.

1. Do one of the following actions:
   + Next to the member name whose access role that you want to change, choose **R** or **RW** to make this member owner or read/write, respectively.
   + To change a read/write member to read-only, open the context (right-click) menu for the member name, and then choose **Revoke Write Access**.
   + To change a read-only member to read/write, open the context (right-click) menu for the member name, and then choose **Grant Read\$1Write Access**.
**Note**  
If you make this user a read/write member, a dialog box is displayed, containing information about possibly putting your AWS security credentials at risk. Unless you trust that user to take actions in AWS on your behalf, don't make a user a read/write member. For more information, see the related note in [Invite a User in the Same Account as the Environment](share-environment.md#share-environment-invite-user).

To use code to change the access role of an environment member, call the AWS Cloud9 update environment membership operation, as follows.


****  

|  |  | 
| --- |--- |
|  AWS CLI  |   [update-environment-membership](https://docs.aws.amazon.com/cli/latest/reference/cloud9/update-environment-membership.html)   | 
|  AWS SDK for C\$1\$1  |   [UpdateEnvironmentMembershipRequest](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_update_environment_membership_request.html), [UpdateEnvironmentMembershipResult](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_update_environment_membership_result.html)   | 
|  AWS SDK for Go  |   [UpdateEnvironmentMembership](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.UpdateEnvironmentMembership), [UpdateEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.UpdateEnvironmentMembershipRequest), [UpdateEnvironmentMembershipWithContext](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.UpdateEnvironmentMembershipWithContext)   | 
|  AWS SDK for Java  |   [UpdateEnvironmentMembershipRequest](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/UpdateEnvironmentMembershipRequest.html), [UpdateEnvironmentMembershipResult](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/UpdateEnvironmentMembershipResult.html)   | 
|  AWS SDK for JavaScript  |   [updateEnvironmentMembership](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Cloud9.html#updateEnvironmentMembership-property)   | 
|  AWS SDK for .NET  |   [UpdateEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TUpdateEnvironmentMembershipRequest.html), [UpdateEnvironmentMembershipResponse](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TUpdateEnvironmentMembershipResponse.html)   | 
|  AWS SDK for PHP  |   [updateEnvironmentMembership](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cloud9-2017-09-23.html#updateenvironmentmembership)   | 
|  AWS SDK for Python (Boto)  |   [update\$1environment\$1membership](https://boto3.readthedocs.io/en/latest/reference/services/cloud9.html#Cloud9.Client.update_environment_membership)   | 
|  AWS SDK for Ruby  |   [update\$1environment\$1membership](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Cloud9/Client.html#update_environment_membership-instance_method)   | 
|  AWS Tools for Windows PowerShell  |   [Update-C9EnvironmentMembership](https://docs.aws.amazon.com/powershell/latest/reference/items/Update-C9EnvironmentMembership.html)   | 
|  AWS Cloud9 API  |   [UpdateEnvironmentMembership](https://docs.aws.amazon.com/cloud9/latest/APIReference/API_UpdateEnvironmentMembership.html)   | 

# Remove your user from a shared Environment
<a name="share-environment-delete-you"></a>

This step shows how you can remove your user from a shared environment.

**Note**  
If you're the environment owner, you can't remove your user from an environment.  
Removing your user from an environment doesn't remove your user from IAM.

1. With the shared environment open, in the **Collaborate** window, expand **Environment Members**, if the list of members isn't visible.

1. Do one of the following actions:
   + Next to **You**, choose the trash can icon.
   + Open the context (right-click) menu for **You**, and then choose **Leave environment**.

1. When prompted, choose **Leave**.

To use code to remove your user from a shared environment, call the AWS Cloud9 delete environment membership operation, as follows.


****  

|  |  | 
| --- |--- |
|  AWS CLI  |   [delete-environment-membership](https://docs.aws.amazon.com/cli/latest/reference/cloud9/delete-environment-membership.html)   | 
|  AWS SDK for C\$1\$1  |   [DeleteEnvironmentMembershipRequest](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_delete_environment_membership_request.html), [DeleteEnvironmentMembershipResult](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_delete_environment_membership_result.html)   | 
|  AWS SDK for Go  |   [DeleteEnvironmentMembership](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembership), [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembershipRequest), [DeleteEnvironmentMembershipWithContext](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembershipWithContext)   | 
|  AWS SDK for Java  |   [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DeleteEnvironmentMembershipRequest.html), [DeleteEnvironmentMembershipResult](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DeleteEnvironmentMembershipResult.html)   | 
|  AWS SDK for JavaScript  |   [deleteEnvironmentMembership](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Cloud9.html#deleteEnvironmentMembership-property)   | 
|  AWS SDK for .NET  |   [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDeleteEnvironmentMembershipRequest.html), [DeleteEnvironmentMembershipResponse](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDeleteEnvironmentMembershipResponse.html)   | 
|  AWS SDK for PHP  |   [deleteEnvironmentMembership](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cloud9-2017-09-23.html#deleteenvironmentmembership)   | 
|  AWS SDK for Python (Boto)  |   [delete\$1environment\$1membership](https://boto3.readthedocs.io/en/latest/reference/services/cloud9.html#Cloud9.Client.delete_environment_membership)   | 
|  AWS SDK for Ruby  |   [delete\$1environment\$1membership](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Cloud9/Client.html#delete_environment_membership-instance_method)   | 
|  AWS Tools for Windows PowerShell  |   [Remove-C9EnvironmentMembership](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-C9EnvironmentMembership.html)   | 
|  AWS Cloud9 API  |   [DeleteEnvironmentMembership](https://docs.aws.amazon.com/cloud9/latest/APIReference/API_DeleteEnvironmentMembership.html)   | 

# Remove another environment member
<a name="share-environment-delete-member"></a>

This step shows how you can remove any member other than your user from an environment.

**Note**  
To remove any member other than your user from an environment, you must be signed in to AWS Cloud9 by using the environment owner's credentials.  
Removing a member doesn't remove the user from IAM.

1. Open the environment that contains the member you want to remove, if the environment isn't already open. For more information, see [Opening an Environment in AWS Cloud9](open-environment.md).

1. In the **Collaborate** window, expand **Environment Members**, if the list of members isn't visible.

1. Do one of the following:
   + Next to the name of the member you want to delete, choose the trash can icon.
   + Open the context (right-click) menu for the name of the member that you want to delete, and then choose **Revoke Access**.

1. When prompted, choose **Remove Member**.

To use code to remove a member from an environment, call the AWS Cloud9 delete environment membership operation, as follows.


****  

|  |  | 
| --- |--- |
|  AWS CLI  |   [delete-environment-membership](https://docs.aws.amazon.com/cli/latest/reference/cloud9/delete-environment-membership.html)   | 
|  AWS SDK for C\$1\$1  |   [DeleteEnvironmentMembershipRequest](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_delete_environment_membership_request.html), [DeleteEnvironmentMembershipResult](https://sdk.amazonaws.com/cpp/api/LATEST/class_aws_1_1_cloud9_1_1_model_1_1_delete_environment_membership_result.html)   | 
|  AWS SDK for Go  |   [DeleteEnvironmentMembership](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembership), [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembershipRequest), [DeleteEnvironmentMembershipWithContext](https://docs.aws.amazon.com/sdk-for-go/api/service/cloud9/#Cloud9.DeleteEnvironmentMembershipWithContext)   | 
|  AWS SDK for Java  |   [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DeleteEnvironmentMembershipRequest.html), [DeleteEnvironmentMembershipResult](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/services/cloud9/model/DeleteEnvironmentMembershipResult.html)   | 
|  AWS SDK for JavaScript  |   [deleteEnvironmentMembership](https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Cloud9.html#deleteEnvironmentMembership-property)   | 
|  AWS SDK for .NET  |   [DeleteEnvironmentMembershipRequest](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDeleteEnvironmentMembershipRequest.html), [DeleteEnvironmentMembershipResponse](https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Cloud9/TDeleteEnvironmentMembershipResponse.html)   | 
|  AWS SDK for PHP  |   [deleteEnvironmentMembership](https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cloud9-2017-09-23.html#deleteenvironmentmembership)   | 
|  AWS SDK for Python (Boto)  |   [delete\$1environment\$1membership](https://boto3.readthedocs.io/en/latest/reference/services/cloud9.html#Cloud9.Client.delete_environment_membership)   | 
|  AWS SDK for Ruby  |   [delete\$1environment\$1membership](https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/Cloud9/Client.html#delete_environment_membership-instance_method)   | 
|  AWS Tools for Windows PowerShell  |   [Remove-C9EnvironmentMembership](https://docs.aws.amazon.com/powershell/latest/reference/items/Remove-C9EnvironmentMembership.html)   | 
|  AWS Cloud9 API  |   [DeleteEnvironmentMembership](https://docs.aws.amazon.com/cloud9/latest/APIReference/API_DeleteEnvironmentMembership.html)   | 

# Environment sharing best practices
<a name="share-environment-best-practices"></a>

We recommend the following practices when sharing environments:
+ Only invite read/write members you trust to your environments.
+ For EC2 environments, read/write members can use the environment owner's AWS access credentials to make calls from the environment to AWS services. This is instead of their own credentials. To prevent this, the environment owner can disable AWS managed temporary credentials for the environment. However, this also prevents the environment owner from making calls. For more information, see [AWS Managed Temporary Credentials](security-iam.md#auth-and-access-control-temporary-managed-credentials).
+ Turn on AWS CloudTrail to track activity in your environments. For more information, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
+ Don't use your AWS account root user to create and share environments. Use IAM users in the account instead. For more information, see [First-Time Access Only: Your Root User Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html#intro-identity-first-time-access) and [IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_identity-management.html#intro-identity-users) in the *IAM User Guide*.